Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
USB/Removable/Flash etc..

> Date: Fri, 14 May 2010 13:23:18 -0400
> From: mdud...@king-cart.com
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
>
> Huh? It is impossible to have a windows machine without any mass storage
> devices.
>
> Marshall
>
> Jean-Paul natola wrote:
> > correction: I DO NOT ALLOW any mass storage devices on our windows machines
Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
correction: I DO NOT ALLOW any mass storage devices on our windows machines

> From: jnat...@hotmail.com
> To: clamav-users@lists.clamav.net
> Date: Fri, 14 May 2010 12:54:33 -0400
> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
>
> I will install it now, I created this box for the sole purpose of scanning usb
> drives, I do ALLOW any storage devices to be used on our windows machines.
>
> If I can just find a way to automate it so that I don't have to mount and run
> the scans manually
Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
I will install it now, I created this box for the sole purpose of scanning usb drives, I do ALLOW any storage devices to be used on our windows machines.

If I can just find a way to automate it so that I don't have to mount and run the scans manually

> From: hugh...@wharton.upenn.edu
> To: clamav-users@lists.clamav.net
> Date: Fri, 14 May 2010 12:23:38 -0400
> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
>
> And you CAN submit with a text-based browser like lynx -- assuming you're
> allowed to install one on that box. They work fine for the submission
> program: http://cgi.clamav.net/sendvirus.cgi
>
> -Hugh

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
d9fcc755cb4037343eb5d5690a3263a3

> Date: Fri, 14 May 2010 12:20:16 -0400
> From: azidoue...@sourcefire.com
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
>
> If you can, please generate the MD5 checksum for that file and paste it here.
>
> Thanks,
>
> -Alain
Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
yes it is, see link

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PALEVO.SMBF&VSect=Sn

unfortunately the bsd box has no web browser so I cannot get to the submission page

> Date: Fri, 14 May 2010 11:14:49 -0400
> From: azidoue...@sourcefire.com
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] menekrug not detected/ Clean/quarentine virus
>
> type the following at the command line: clamscan --help
>
> It will show you some of the options you have for quarantining file:
>
> clamscan --remove[=yes/no(*)] Remove infected files. Be careful!
> clamscan --move=DIRECTORY Move infected files into DIRECTORY
> clamscan --copy=DIRECTORY Copy infected files into DIRECTORY
>
> What about menekrug.exe? Do you believe it is malware and should have
> been detected? If so, please submit to:
> http://www.clamav.net/lang/en/sendvirus/
>
> -Alain
[Clamav-users] menekrug not detected/ Clean/quarentine virus
Hi all,

I am running clamav on a bsd box to scan USB drives, I have two questions, now that it found the virus is there a way to "clean or quarantine" the infected file?

also it gave an "OK" result to menekrug.exe see below

/mnt/usb/ISPRED/Desktop.ini: Trojan.Agent-155358 FOUND
/mnt/usb/ISPRED/menekrug.exe: OK
/mnt/usb/StarrsAnnLHREWR72.pdf: OK
/mnt/usb/USB Vault/Desktop.ini: Trojan.Agent-155358 FOUND
/mnt/usb/USB Vault/syn.exe: Trojan.Downloader-77313 FOUND
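One way to automate the mount, scan and quarantine cycle asked about in this thread, as an added example that is not part of any poster's message. The device `/dev/da0s1`, the `msdosfs` filesystem type, `/var/quarantine` and `/var/log/usbscan.log` are assumptions; `/mnt/usb` and the sample scan lines come from the first post.

```sh
#!/bin/sh
# Added example; not code from the thread.
# Assumed names: /dev/da0s1, msdosfs, /var/quarantine, /var/log/usbscan.log.
# /mnt/usb and the sample scan lines are taken from the first post.

# The clamscan output posted in the thread, used here as sample input.
sample_scan_output() {
    cat <<'EOF'
/mnt/usb/ISPRED/Desktop.ini: Trojan.Agent-155358 FOUND
/mnt/usb/ISPRED/menekrug.exe: OK
/mnt/usb/StarrsAnnLHREWR72.pdf: OK
/mnt/usb/USB Vault/Desktop.ini: Trojan.Agent-155358 FOUND
/mnt/usb/USB Vault/syn.exe: Trojan.Downloader-77313 FOUND
EOF
}

# Read clamscan output on stdin and print "signature<TAB>path" for every
# detection. Paths on a USB stick may contain spaces or even ": "
# ("/mnt/usb/USB Vault/..."), so split on the LAST ": " in the line.
parse_found() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)        # drop trailing " FOUND"
        n = 0
        for (i = 1; i < length(line); i++)
            if (substr(line, i, 2) == ": ") n = i   # remember the last ": "
        if (n) printf "%s\t%s\n", substr(line, n + 2), substr(line, 1, n - 1)
    }'
}

# Mount the stick read-only, scan it, copy detections to quarantine, unmount.
# The mount is read-only so nothing on the stick is modified; that is why
# --copy is used rather than --move or --remove, which need write access.
scan_usb() {
    dev=${1:-/dev/da0s1}
    mnt=${2:-/mnt/usb}
    quarantine=${3:-/var/quarantine}
    log=${4:-/var/log/usbscan.log}

    mkdir -p "$mnt" "$quarantine" || return 2
    tmp=$(mktemp /tmp/usbscan.XXXXXX) || return 2

    # FreeBSD syntax for a FAT-formatted stick (assumption).
    if ! mount -t msdosfs -o ro,noexec "$dev" "$mnt"; then
        rm -f "$tmp"
        return 2
    fi

    clamscan -r --infected --no-summary --copy="$quarantine" "$mnt" > "$tmp"
    rc=$?       # clamscan: 0 = nothing found, 1 = detections, 2 = error

    umount "$mnt" || echo "warning: could not unmount $mnt" >&2

    # Append timestamped detections to the log and show them on the console.
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    parse_found < "$tmp" | awk -v ts="$stamp" '{ print ts "\t" $0 }' | tee -a "$log"
    rm -f "$tmp"
    return "$rc"
}

# Only scan when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    shift
    scan_usb "$@"
fi
```

Run as root with `--run /dev/da0s1`; the exit status is clamscan's own (0 clean, 1 detections, 2 error). A file reported `OK`, such as `menekrug.exe` in the sample, is not copied and still has to be reviewed and submitted by hand.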
[Clamav-users] Virus/Worm not detected
Hi everyone,

I received a word document with an embedded "object" which was an executable. Neither Symantec nor Clam detected anything. Is there some way to submit this?

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] more detail from clamd.log
Hi everyone,

My clamav seems to be disconnecting quite often- and my paniclog is full of timed out entries- how can I get the clamlog to give me more detail- and timestamp the entries-

here's a portion of my clamlog

/var/spool/exim/scan/1HTHbI-0003XF-LE/1HTHbI-0003XF-LE.eml: HTML.Phishing.Bank-1156 FOUND
/var/spool/exim/scan/1HTHbr-0003XL-Vj/1HTHbr-0003XL-Vj.eml: HTML.Phishing.Bank-1156 FOUND
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
/var/spool/exim/scan/1HTHes-0003Xq-JA/1HTHes-0003Xq-JA.eml: HTML.Phishing.Bank-1156 FOUND

here's a portion of my paniclog

2007-03-19 09:13:42 1HTHeE-0003Xj-E9 malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:14:03 1HTHec-0003Xn-TF malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:14:17 1HTHer-0003Xp-0v malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:14:30 1HTHf2-0003Xr-8p malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:16:57 1HTHhP-0003Y4-VN malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:21:58 1HTHld-0003Yh-W1 malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:23:57 1HTHoC-0003Z9-0m malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:24:06 1HTHoK-0003ZR-TY malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:24:38 1HTHoE-0003Yh-Id malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:24:39 1HTHoo-0003ZW-A1 malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:24:41 1HTHou-0003Za-1H malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:24:51 1HTHp4-0003Zc-Fy malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:25:16 1HTHoq-0003ZZ-GI malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-19 09:25:20 1HTHpV-0003Zj-Og malware acl condition: clamd: unable to read from socket (Operation timed out)

running clamav 90.1
exim 4.66
Freebsd 5.4
Re: [Clamav-users] 90 disasters- revert to .88-RESOLVED
From: "jean-paul natola" <[EMAIL PROTECTED]>
Reply-To: ClamAV users ML
To: clamav-users@lists.clamav.net
Subject: Re: [Clamav-users] 90 disasters- revert to .88
Date: Thu, 15 Mar 2007 17:38:32 -0400

From: "Török Edvin" <[EMAIL PROTECTED]>
Reply-To: ClamAV users ML
To: "ClamAV users ML"
Subject: Re: [Clamav-users] 90 disasters- revert to .88
Date: Thu, 15 Mar 2007 23:10:36 +0200

On 3/15/07, jean-paul natola <[EMAIL PROTECTED]> wrote:
>On 3/15/07, jean-paul natola <[EMAIL PROTECTED]> wrote:
>
>>is this the entry you are referring to?
>># Initialize supplementary group access (clamd must be started by root).
>># Default: no
>>AllowSupplementaryGroups yes
>
>Yes

Still crashing due the 5.4 incompatibility- ANY IDEAS AT ALL-

What do you see in your clamd.log/freshclam.log?
What do you mean by crash? Does it quit with malformed database error, or crashes with SIGSEGV, or some other form of crash?
Does clamscan work?

it stops on its own, I restart and I saw many of these in the log

++ Started at Thu Mar 15 16:21:08 2007
clamd daemon 0.90.1 (OS: freebsd5.4, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Reading databases from /var/db/clamav
Loaded 99304 signatures.
WARNING: Socket file /var/run/clamav/clamd exists. Unclean shutdown? Removing...
Unix socket file /var/run/clamav/clamd
Setting connection queue length to 15
Archive: Archived file size limit set to 10485760 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 1000.
Archive: Compression ratio limit set to 250.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
Mail: Recursion level limit set to 64.
OLE2 support enabled.
PDF support disabled.
HTML support enabled.
Self checking every 1800 seconds.
Set stacksize to 1048576
No stats for Database check - forcing reload
Reading databases from /var/db/clamav
Database correctly reloaded (99304 signatures)
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
/var/spool/exim/scan/1HRyUT-0003wF-EB/1HRyUT-0003wF-EB.eml: HTML.Phishing.Pay-36 FOUND
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected

FYI upgrading to exim 4.66 resolved all my issues-
Re: [Clamav-users] 90 disasters- revert to .88
From: "Török Edvin" <[EMAIL PROTECTED]>
Reply-To: ClamAV users ML
To: "ClamAV users ML"
Subject: Re: [Clamav-users] 90 disasters- revert to .88
Date: Thu, 15 Mar 2007 23:10:36 +0200

On 3/15/07, jean-paul natola <[EMAIL PROTECTED]> wrote:
>On 3/15/07, jean-paul natola <[EMAIL PROTECTED]> wrote:
>
>>is this the entry you are referring to?
>># Initialize supplementary group access (clamd must be started by root).
>># Default: no
>>AllowSupplementaryGroups yes
>
>Yes

Still crashing due the 5.4 incompatibility- ANY IDEAS AT ALL-

What do you see in your clamd.log/freshclam.log?
What do you mean by crash? Does it quit with malformed database error, or crashes with SIGSEGV, or some other form of crash?
Does clamscan work?

it stops on its own, I restart and I saw many of these in the log

++ Started at Thu Mar 15 16:21:08 2007
clamd daemon 0.90.1 (OS: freebsd5.4, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Reading databases from /var/db/clamav
Loaded 99304 signatures.
WARNING: Socket file /var/run/clamav/clamd exists. Unclean shutdown? Removing...
Unix socket file /var/run/clamav/clamd
Setting connection queue length to 15
Archive: Archived file size limit set to 10485760 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 1000.
Archive: Compression ratio limit set to 250.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
Mail: Recursion level limit set to 64.
OLE2 support enabled.
PDF support disabled.
HTML support enabled.
Self checking every 1800 seconds.
Set stacksize to 1048576
No stats for Database check - forcing reload
Reading databases from /var/db/clamav
Database correctly reloaded (99304 signatures)
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
/var/spool/exim/scan/1HRyUT-0003wF-EB/1HRyUT-0003wF-EB.eml: HTML.Phishing.Pay-36 FOUND
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Client disconnected
Re: [Clamav-users] Re: 0.90.1 from ports crashing on FreeBSD 5.4 TOOLATE
On 3/15/07, jean-paul natola <[EMAIL PROTECTED]> wrote:

So now that I have already upgraded to 90.1 ( on freebsd 5.4) what can I do get this working?

As I said in my second email (that you quoted :>), you need to *not* use -lthr and use -lpthread instead. The simplest way is to modify /usr/ports/security/clamav/Makefile and change -lthr to -lpthread on line 35.

THANK YOU - looks like I'll get to go at a decent hour- I really appreciate your help
Re: [Clamav-users] 90 disasters- revert to .88
On 3/15/07, jean-paul natola <[EMAIL PROTECTED]> wrote:

is this the entry you are referring to?
# Initialize supplementary group access (clamd must be started by root).
# Default: no
AllowSupplementaryGroups yes

Yes

Still crashing due the 5.4 incompatibility- ANY IDEAS AT ALL-

should I set a cron to start clam every 5 minutes??
RE: [Clamav-users] Re: 0.90.1 from ports crashing on FreeBSD 5.4 TOO LATE
On Thursday March 15, 2007 at 04:09:50 (PM) Rob MacGregor wrote:

> Further testing shows that, for FreeBSD 5.4 at least, the use of -lthr
> (1:1 Threading Library) the result is instability. The second I added
> that to the configure argument clamd started crashing.
>
> Using the alternative -lpthread doesn't result in crashes.
>
> I'm going to raise a PR with the FreeBSD maintainer (and drop a line
> to freebsd-ports@), but others using (at least) FreeBSD 5.4 may want
> to avoid 0.90.1 from ports until this is resolved.

This problem has not manifested itself on my FreeBSD-6.2 machine. It might very well be localized to pre-6.0 versions of FBSD. Do you have the option of updating to the latest version of FBSD?

I assume you are going to use 'send-pr' to report this problem.

So now that I have already upgraded to 90.1 ( on freebsd 5.4) what can I do get this working? my clam is crashing constantly -
Re: [Clamav-users] 90 disasters- revert to .88
Hi everyone,

I upgraded today and all hell broke loose- at first nothing at all was coming through and I was getting these errors

malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1HRsSv-0006G8-Em: lstat() failed. ERROR

Make sure that you've enabled the supplementary groups option and added the clamav user to the appropriate group.

is this the entry you are referring to?
# Initialize supplementary group access (clamd must be started by root).
# Default: no
AllowSupplementaryGroups yes

malware acl condition: clamd: unable to read from socket (Operation timed out)

I've had problems where clamd was crashing at the database reload (check your clamd log). I've tried a fresh install of 0.90.1 and it's still crashing. I'm just about to kick off a thread about this to see what the developers want me to do to debug this :)

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [Clamav-users] cannot upgrade to 90.1
From: Chuck Swiger <[EMAIL PROTECTED]>
Reply-To: ClamAV users ML
To: ClamAV users ML
Subject: Re: [Clamav-users] cannot upgrade to 90.1
Date: Thu, 15 Mar 2007 11:46:37 -0700

On Mar 15, 2007, at 11:25 AM, jean-paul natola wrote:

I updated my ports and when when I install clamav it only brings me to 90_3 and upon running freshclam- it tells me to upgrade to 90.1

Why wont 90.1 install?

I did from /usr/ports/security/clamav make deinstall then make install clean and still i wind up on 90_3

what am i missing?

Did you forget to update your ports tree? The ClamAV port was updated to 0.90.1 two days ago:

40-pi% head -10 /usr/ports/security/clamav/Makefile
# New ports collection makefile for:clamav
# Date created: 15 July 2002
# Whom: [EMAIL PROTECTED]
#
# $FreeBSD: ports/security/clamav/Makefile,v 1.92 2007/03/13 20:11:16 garga Exp $
#
PORTNAME= clamav
PORTVERSION=0.90.1
CATEGORIES= security
[ ... ]

there is one thing I noticed that I do not recall seeing in the past when i start clam I now see this

/usr/local/etc/rc.d/clamav-clamd.sh start
Starting clamav_clamd.
Running as user clamav (UID 106, GID 106)
Re: [Clamav-users] cannot upgrade to 90.1
I did the same steps I've been doing for the last year-

cvsup portupgrade make deinstall make install clean

From: [EMAIL PROTECTED]
Reply-To: ClamAV users ML
To: ClamAV users ML
Subject: Re: [Clamav-users] cannot upgrade to 90.1
Date: Thu, 15 Mar 2007 12:44:05 -0600

jean-paul natola wrote:

I updated my ports and when I install clamav it only brings me to 90_3 and upon running freshclam- it tells me to upgrade to 90.1

http://www.freshports.org/security/clamav/

Are you sure you updated your ports? It looks to me like you still have 90_3 in the ports tree.

Steve
RE: [Clamav-users] Re: cannot upgrade to 90.1
everything but the reboot- the reason I'm trying to get to 90.1 is that my mails are timing out like crazy-

My logs are slammed with

2007-03-15 14:28:21 1HRvaX-000Ksb-Q6 malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-15 14:28:35 1HRvPd-000BuU-MH malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-15 14:28:44 1HRvb1-000LIx-8p malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-15 14:28:48 1HRvb6-000LPR-08 malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-15 14:28:48 1HRvb6-000LTE-5p malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-15 14:28:54 1HRvbB-000Lbw-V2 malware acl condition: clamd: unable to read from socket (Operation timed out)

From: Gerard Seibert <[EMAIL PROTECTED]>
Reply-To: ClamAV users ML
To: clamav-users@lists.clamav.net
Subject: [Clamav-users] Re: cannot upgrade to 90.1
Date: Thu, 15 Mar 2007 14:30:07 -0400

On Thursday March 15, 2007 at 02:25:59 (PM) jean-paul natola wrote:

> I updated my ports and when I install clamav it only brings me to 90_3
> and upon running freshclam- it tells me to upgrade to 90.1

Did you shut down both the clamav and freshclam daemons? Try rebooting and see if that works.

--
Gerard
[Clamav-users] cannot upgrade to 90.1
I updated my ports and when I install clamav it only brings me to 90_3 and upon running freshclam- it tells me to upgrade to 90.1

Why won't 90.1 install?

I did from /usr/ports/security/clamav
make deinstall
then
make install clean
and still I wind up on 90_3

what am I missing?

bsd 5.4
[Clamav-users] 90 disasters- revert to .88
Hi everyone,

I upgraded today and all hell broke loose- at first nothing at all was coming through and I was getting these errors

malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1HRsSv-0006G8-Em: lstat() failed. ERROR

I then uninstalled - cleaned - reinstalled - 3 times- then it finally started working (SOMEWHAT)

now what I'm getting is a whole slew of

malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-15 13:08:30 1HRuLN-0007Vu-Dw H=imr-d06.mx.aol.com [205.188.159.7] F=<[EMAIL PROTECTED]> temporarily rejected after DATA
2007-03-15 13:08:31 1HRuLO-0007Vv-R8 malware acl condition: clamd: unable to read from socket (Operation timed out)
2007-03-15 13:08:31 1HRuLO-0007Vv-R8 H=bay0-omc2-s41.bay0.hotmail.com [65.54.246.177] F=<[EMAIL PROTECTED]> temporarily rejected after DATA
2007-03-15 13:08:34 1HRuLR-0007Vw-UB malware acl condition: clamd: unable to read from socket (Operation timed out)

I also tried to downgrade my port in an effort to get .88 reinstalled but portdowngrade is failing

is there another way for me to get .88 reinstalled?

I'm running
freebsd 5.4
exim
clamav
spamassassin
RE: [Clamav-users] Re: Newbie-inquiry
jean-paul natola wrote:
> I'm running;
> Freebsd 5.4 clamav 88.7 SA 3.1.7
>
> In the paniclog /var/log/exim/paniclog is where I'm seeing these entries
> I did check the 'messages' log and there are no entries-
>
> It seems that clamav is timing out when it is attempting to scan large
> messages

Could be a normal situation.

> yesterday I saw clam's cpu and mem start to skyrocket, at that moment I
> looked at what message was being scanned and it was an 18meg file which
> subsequently caused another timeout error
> [snip]
> I will now look for- and examine the clam log

Saw your other message, you probably want to enable time stamping to correlate (with the exim log) what is going on.

from clamlog

Fri Dec 15 16:37:42 2006 -> Set stack size to 1048576
Fri Dec 15 16:45:17 2006 -> /var/spool/exim/scan/1GvKrj-000An9-H2/1GvKrj-000An9-H2.eml: HTML.Phishing.Bank-627 FOUND
Fri Dec 15 17:02:16 2006 -> Client disconnected
Fri Dec 15 17:07:52 2006 -> No stats for Database check - forcing reload
Fri Dec 15 17:07:52 2006 -> Reading databases from /var/db/clamav
Fri Dec 15 17:08:06 2006 -> Database correctly reloaded (82936 viruses)

from paniclog

2006-12-15 17:02:15 1GvL4w-000AoY-0K malware acl condition: clamd: unable to read from socket (Operation timed out)

I'm going to now try the option to not have messages over 1mb scanned- as it appears that clam is "choking" on large messages

Will keep you posted
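The correlation suggested in the message above, as an added example that is not part of the original thread: it matches each exim "unable to read from socket" entry against timestamped clamd log lines and flags whether a database reload falls inside the window. The function names and the 60-second default window are assumptions made for this sketch, and it assumes both logs are stamped by the same host clock.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the clamd log and exim paniclog quoted in the thread.
CLAMD_LOG = """\
Fri Dec 15 16:37:42 2006 -> Set stack size to 1048576
Fri Dec 15 16:45:17 2006 -> /var/spool/exim/scan/1GvKrj-000An9-H2/1GvKrj-000An9-H2.eml: HTML.Phishing.Bank-627 FOUND
Fri Dec 15 17:02:16 2006 -> Client disconnected
Fri Dec 15 17:07:52 2006 -> No stats for Database check - forcing reload
Fri Dec 15 17:07:52 2006 -> Reading databases from /var/db/clamav
Fri Dec 15 17:08:06 2006 -> Database correctly reloaded (82936 viruses)
"""
EXIM_PANICLOG = """\
2006-12-15 17:02:15 1GvL4w-000AoY-0K malware acl condition: clamd: unable to read from socket (Operation timed out)
"""

TIMEOUT_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) malware acl condition: "
                        r"clamd: unable to read from socket \(Operation timed out\)")

def parse_clamd(text):
    """Return [(datetime, message)] for clamd lines written with LogTime enabled."""
    events = []
    for line in text.splitlines():
        stamp, _, msg = line.partition(" -> ")
        try:
            events.append((datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"), msg.strip()))
        except ValueError:
            continue  # no timestamp prefix (LogTime off) or unrelated line
    return events

def parse_timeouts(text):
    """Return [(datetime, exim message id)] for clamd socket timeouts."""
    hits = (TIMEOUT_RE.match(line) for line in text.splitlines())
    return [(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)) for m in hits if m]

def correlate(clamd_text, exim_text, window_s=60):
    """For each exim timeout, list the clamd events within +/- window_s seconds."""
    events, window = parse_clamd(clamd_text), timedelta(seconds=window_s)
    report = []
    for when, msg_id in parse_timeouts(exim_text):
        near = [(int((t - when).total_seconds()), m) for t, m in events if abs(t - when) <= window]
        reload_seen = any("reload" in m.lower() or "reading databases" in m.lower() for _, m in near)
        report.append({"id": msg_id, "time": when, "nearby": near, "during_reload": reload_seen})
    return report

if __name__ == "__main__":
    for row in correlate(CLAMD_LOG, EXIM_PANICLOG):
        print(row["time"], row["id"], "reload nearby:", row["during_reload"])
        for delta, msg in row["nearby"]:
            print(f"  {delta:+d}s  {msg}")
```

Lines without a timestamp prefix are skipped, so a clamd log written before LogTime was enabled produces no matches rather than wrong ones.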
RE: [Clamav-users] Re: Newbie-inquiry
> How do I enable timestamping ?

In /etc/clamd.conf, around line 34 :

# Log time with each message.
# Default: no
LogTime yes

was not happy with that

Starting clamav_clamd.
ERROR: Parse error at line 34: Option LogTime doesn't support arguments (got 'yes').
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf

I changed it to;

# Log time with each message.
# Default: no
LogTime

and it worked-
RE: [Clamav-users] Re: Newbie-inquiry
> How do I enable timestamping ?

In /etc/clamd.conf, around line 34 :

# Log time with each message.
# Default: no
LogTime yes

was not happy with that

Starting clamav_clamd.
ERROR: Parse error at line 34: Option LogTime doesn't support arguments (got 'yes').
ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
RE: [Clamav-users] Re: Newbie-inquiry
jean-paul natola wrote:

Saw your other message, you probably want to enable time stamping to correlate (with the exim log) what is going on.

How do I enable timestamping ?

and again it happened with the same type of message

/var/spool/exim/scan/1GvHgK-000AQG-Eo/1GvHgK-000AQG-Eo.eml: HTML.Phishing.Auction-144 FOUND
SelfCheck: Database status OK.
Client disconnected
Re: [Clamav-users] Re: Newbie-inquiry
jean-paul natola wrote:

Hi everyone,

Hello.

I'm having a bit of a problem with clamav on my server- I'm getting about 3 to 4 of these per hour- and I don't know why it's happening

"malware acl condition: clamd: unable to read from socket (Operation timed out)"

and yes mail is still coming in- and clamd is running

I'm running;
Freebsd 5.4 clamav 88.7 SA 3.1.7

In the paniclog /var/log/exim/paniclog is where I'm seeing these entries
I did check the 'messages' log and there are no entries-

It seems that clamav is timing out when it is attempting to scan large messages

yesterday I saw clam's cpu and mem start to skyrocket, at that moment I looked at what message was being scanned and it was an 18meg file which subsequently caused another timeout error

ok I just reset the log and this is the entry I saw last -

Set stack size to 1048576
/var/spool/exim/scan/1GvHHI-000AMr-JU/1GvHHI-000AMr-JU.eml: HTML.Phishing.Bank-627 FOUND
Reading databases from /var/db/clamav
Database correctly reloaded (82936 viruses)
Client disconnected
SelfCheck: Database status OK.
/var/spool/exim/scan/1GvHgK-000AQG-Eo/1GvHgK-000AQG-Eo.eml: HTML.Phishing.Auction-144 FOUND
Re: [Clamav-users] Re: Newbie-inquiry
jean-paul natola wrote:

Hi everyone,

Hello.

I'm having a bit of a problem with clamav on my server- I'm getting about 3 to 4 of these per hour- and I don't know why it's happening

"malware acl condition: clamd: unable to read from socket (Operation timed out)"

and yes mail is still coming in- and clamd is running

Start by describing your problem in detail: complete list of software and versions involved, where are those messages appearing, what does clamd log say, what have you already tried to detect/eliminate the problem, and anything else you consider relevant.

I'm running;
Freebsd 5.4 clamav 88.7 SA 3.1.7

In the paniclog /var/log/exim/paniclog is where I'm seeing these entries
I did check the 'messages' log and there are no entries-

It seems that clamav is timing out when it is attempting to scan large messages

yesterday I saw clam's cpu and mem start to skyrocket, at that moment I looked at what message was being scanned and it was an 18meg file which subsequently caused another timeout error

My hardware is the following-
550 mhz pentium
320 megs of ram

and here are my disk stats-

/dev/ad0s1a    248M     86M    142M    38%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/ad0s1e    248M     86K    228M     0%    /tmp
/dev/ad0s1f    4.9G    792M    3.7G    17%    /usr
/dev/ad0s1d    248M    137M     91M    60%    /var

I will now look for- and examine the clam log

someone suggested to tell exim not to call clam on large messages (over 5 megs for example) as viruses are always small to spread quicker -
[Clamav-users] Newbie-inquiry
Hi everyone,

I'm having a bit of a problem with clamav on my server- I'm getting about 3 to 4 of these per hour- and I don't know why it's happening

"malware acl condition: clamd: unable to read from socket (Operation timed out)"

and yes mail is still coming in- and clamd is running

if this is not the right list please excuse me

thx