Re: [clamav-users] Bug on public ClamAV Virus Database Search (clamgrok)
Sorry Sierk, I don’t recall how many there were before, but in checking the current databases themselves, the numbers match. Main has 145 and daily has 141. The ClamXav database has over 64,000 “OSX" sigs. I’d have to guess daily.db, daily.zmd and main.db no longer exist in the new format. I don’t believe that Cisco/ClamAV has responsible for it. Last time I checked the server was near Englewood, Colorado, USA and the script owner was somebody named Scott. -Al- On Mon, Mar 21, 2016 at 10:15 AM, Sierk Bornemann wrote: > >> Am 21.03.2016 um 16:34 schrieb Al Varnell : >> >> Although I’ve been seeing the same thing for since, it doesn’t seem to >> impact the results for me. > > For me, it in fact does impact the result page: fewer results. > >> What issue is it causing you? > > Fewer results in contrast to before the db change. > Try by yourself, by searching for the search term ‚osx': > > http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=osx&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=file&display=virus&.submit=Daten+absenden&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display > > 286 hits for ‚osx' > > The count was higher before, around a 100 or more counts higher, I remember. > Am I right? Or do I err? > > > Sierk smime.p7s Description: S/MIME cryptographic signature ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Bug on public ClamAV Virus Database Search (clamgrok)
> Am 21.03.2016 um 16:34 schrieb Al Varnell : > > Although I’ve been seeing the same thing for since, it doesn’t seem to impact > the results for me. For me, it in fact does impact the result page: fewer results. > What issue is it causing you? Fewer results in contrast to before the db change. Try by yourself, by searching for the search term ‚osx': http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=osx&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=file&display=virus&.submit=Daten+absenden&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display 286 hits for ‚osx' The count was higher before, around a 100 or more counts higher, I remember. Am I right? Or do I err? Sierk signature.asc Description: Message signed with OpenPGP using GPGMail ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Bug on public ClamAV Virus Database Search (clamgrok)
Although I’ve been seeing the same thing for since, it doesn’t seem to impact the results for me. What issue is it causing you? -Al- On Mon, Mar 21, 2016 at 05:19 AM, Sierk Bornemann wrote: > > Since the change to the new main.cvd and daily.cvd, every request on > http://clamav-du.securesites.net/cgi-bin/clamgrok stops, independently of the > search term, with this error messages at the end of the search result page: > > Couldn't read cache file 'daily.db' in > /home/clamavdb/www/database.clamav.net/.Daily: No such file or directory > Couldn't read cache file 'daily.zmd' in > /home/clamavdb/www/database.clamav.net/.Daily: No such file or directory > Couldn't read cache file 'main.db' in > /home/clamavdb/www/database.clamav.net/.Main: No such file or directory > > Please fix it. smime.p7s Description: S/MIME cryptographic signature ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Bug on public ClamAV Virus Database Search (clamgrok)
Since the change to the new main.cvd and daily.cvd, every request on http://clamav-du.securesites.net/cgi-bin/clamgrok stops, independently of the search term, with this error messages at the end of the search result page: Couldn't read cache file 'daily.db' in /home/clamavdb/www/database.clamav.net/.Daily: No such file or directory Couldn't read cache file 'daily.zmd' in /home/clamavdb/www/database.clamav.net/.Daily: No such file or directory Couldn't read cache file 'main.db' in /home/clamavdb/www/database.clamav.net/.Main: No such file or directory Please fix it. -- Sierk Bornemann ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Bug report submitted - do I need to do anything
Sure - thanks for the reply. Robin -Original Message- From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Alain Zidouemba Sent: 13 February 2013 14:36 To: ClamAV users ML Subject: Re: [clamav-users] Bug report submitted - do I need to do anything Yes, please. If you set up yourself to be notified when an update is posted to the bug, you will receive and email when that happens. All incoming bug reports are looked at within a reasonable amount of time. Thanks, - Alain ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Bug report submitted - do I need to do anything
Yes, please. If you set up yourself to be notified when an update is posted to the bug, you will receive and email when that happens. All incoming bug reports are looked at within a reasonable amount of time. Thanks, - Alain ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Bug report submitted - do I need to do anything
Hello, Apologies if this is the wrong forum, but I submitted a bug report to the bugzilla website, #6801. Should I just be patient? Thanks, Robin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Bug 5543
Tom, Thanks for your email. Let me talk with the team and see what we can do about fixing these response issues. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Oct 26, 2012, at 8:20 PM, TR Shaw wrote: > I don't mind if SourceFire decides they don't like my proposals or problem > sets. But I do think it shows poor stewardship of clamav when on bugzilla and > on mail lists there is not a peep of a response from SourceFire after 90 > days. Either yea or nay. Its like they are ignoring bugzilla entries. Look > at an issue and respond with yes or no but don't ignore the issues. Ignoring > these issues is just putting your head in the sand. > > Tom > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Bug 5543
On Fri, 26 Oct 2012 20:20:24 -0400 TR Shaw articulated: > I don't mind if SourceFire decides they don't like my proposals or > problem sets. But I do think it shows poor stewardship of clamav when > on bugzilla and on mail lists there is not a peep of a response from > SourceFire after 90 days. Either yea or nay. Its like they are > ignoring bugzilla entries. Look at an issue and respond with yes or > no but don't ignore the issues. Ignoring these issues is just > putting your head in the sand. I have endured the same bullshit from KDE for years. Even similar bugs from multiple users are routinely ignored. It gets worse too. On FreeBSD, the developers simply blame everyone else for the problem and then go back to sticking their head up their ass. I have gotten to the point that if something doesn't work I just move on to another platform. Life is too short to waste it arguing with a wall. I do feel your pain though. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Bug 5543
I don't mind if SourceFire decides they don't like my proposals or problem sets. But I do think it shows poor stewardship of clamav when on bugzilla and on mail lists there is not a peep of a response from SourceFire after 90 days. Either yea or nay. Its like they are ignoring bugzilla entries. Look at an issue and respond with yes or no but don't ignore the issues. Ignoring these issues is just putting your head in the sand. Tom ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Bug bzip2 CVE-2010-0405
My OS is OpenSuSE with kernel 2.6.34. I got the CVE-2010-0405 error in ClamAV 0.97 compilation and tried to upgrade bunzip2 to version 1.06 (via RPM) but the error is still exist. My running ClamAV is 0.96 What is the other component that I missed to upgrade? Your advise is very appreciated Check /lib*, /usr/lib*, /usr/local/lib* for libbz2.so.*, and see if you have some old versions left over. --Edwin Hi Edwin, Thanks for your advise. Yes, I found the library is still old one. After upgrade library ClamAV can be installed well. Thanks. Wong ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Bug bzip2 CVE-2010-0405
On 2011-03-10 09:59, Wong wrote: > Dear all, > > My apologize to post this message. > > My OS is OpenSuSE with kernel 2.6.34. > > I got the CVE-2010-0405 error in ClamAV 0.97 compilation and tried to > upgrade bunzip2 to version 1.06 (via RPM) but the error is still exist. > My running ClamAV is 0.96 > > What is the other component that I missed to upgrade? Your advise is > very appreciated Check /lib*, /usr/lib*, /usr/local/lib* for libbz2.so.*, and see if you have some old versions left over. --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] Bug bzip2 CVE-2010-0405
Dear all, My apologize to post this message. My OS is OpenSuSE with kernel 2.6.34. I got the CVE-2010-0405 error in ClamAV 0.97 compilation and tried to upgrade bunzip2 to version 1.06 (via RPM) but the error is still exist. My running ClamAV is 0.96 What is the other component that I missed to upgrade? Your advise is very appreciated Thanks a lot. Wong ---snip--- configure: Summary of detected features follows autoit_ea06 : yes bzip2 : bugged (CVE-2010-0405) zlib: /usr unrar : yes configure: WARNING: ** WARNING: ** You are cross compiling to a different host or you are ** linking to bugged system libraries or you have manually ** disabled important configure checks. ** Please be aware that this build may be badly broken. ** DO NOT REPORT BUGS BASED ON THIS BUILD !!! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Bug in 0.90.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dennis Peterson wrote: [snip] > I saw a huge number of warnings building it with Studio 11 on Sol10-x86, > but nothing unusual building with gcc on Sol8 64-bit Sparc with GCC 3.3.2. The warnings are there in Solaris 9, gcc 3.3.2, regular build (32-bit binaries). In fact looking at the unrar.h file, it is not a long type declaration, it is a uint64_t, so the constant is wrong and the whole expression is suspect. Of course only unrar will fail. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHx0TL3NNweKTRgwRCM2OAJ9HlutAb/vgb0UbOx+LAF5zudLbJwCfTWGO WDOxKtYt1Fz9iqg3R6mXdMg= =3MQy -END PGP SIGNATURE- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug in 0.90.2
René Berber wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi, > > While building clamav-0.90.2 I saw these messages: > > unrar/unrar.c: In function `cli_unrar_extract_next_prepare': > unrar/unrar.c:1549: warning: integer constant is too large for "long" type > unrar/unrar.c:1550: warning: integer constant is too large for "long" type > > In fact, those constants (0x1) are bigger than 64-bit, looks like a > bug > to me, at least for 32-bit CPUs or any that defines long as 64-bit. > - -- I saw a huge number of warnings building it with Studio 11 on Sol10-x86, but nothing unusual building with gcc on Sol8 64-bit Sparc with GCC 3.3.2. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Bug in 0.90.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, While building clamav-0.90.2 I saw these messages: unrar/unrar.c: In function `cli_unrar_extract_next_prepare': unrar/unrar.c:1549: warning: integer constant is too large for "long" type unrar/unrar.c:1550: warning: integer constant is too large for "long" type In fact, those constants (0x1) are bigger than 64-bit, looks like a bug to me, at least for 32-bit CPUs or any that defines long as 64-bit. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHuirL3NNweKTRgwRCJxUAJ4rNE/szCwjG/LNXlONuFcW/Rmb8wCgwvUr rRy5Q+5/kBQfyoLx11vkRjQ= =qPQ/ -END PGP SIGNATURE- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] bug tracker
Hello, the ones among you that subscribed to this mailing list long time ago will find hard to believe this: finally we have bug tracker! Please use it wisely: https://bugs.clamav.net Thanks, -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug with --remove??
Thanks guys, sorry for false alarm! ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug with --remove??
Daniel T. Staal wrote: On Thu, June 15, 2006 11:13 am, Kevin Lowe said: Hi, I accidentally issued the following command where I mis-spelled remove: $ ./clamscan --remov /usr/home/projects/virus/ And it actually removed the file. I would expect either an error or the flag to be ignored. Is this a (minor) bug I shoud report? ClamAV 0.88.2 running on FreeBSD Many Unix tools will allow you to abbreviate the flags to the shortest non-ambiguous string. I'd consider that normal behavior. This appears to be the case: [EMAIL PROTECTED] jmaul]$ clamscan --r clamscan: option `--r' is ambiguous ERROR: Unknown option passed. [EMAIL PROTECTED] jmaul]$ clamscan --re clamscan: option `--re' is ambiguous ERROR: Unknown option passed. [EMAIL PROTECTED] jmaul]$ clamscan --rem [EMAIL PROTECTED] jmaul]$ clamscan --remo [EMAIL PROTECTED] jmaul]$ clamscan --remov [EMAIL PROTECTED] jmaul]$ clamscan --remove [EMAIL PROTECTED] jmaul]$ clamscan --remhjhj clamscan: unrecognized option `--remhjhj' ERROR: Unknown option passed. -Jim ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug with --remove??
On Thu, June 15, 2006 11:13 am, Kevin Lowe said: > Hi, > > I accidentally issued the following command where I mis-spelled remove: > > $ ./clamscan --remov /usr/home/projects/virus/ > > And it actually removed the file. I would expect either an error or the > flag to be ignored. Is this a (minor) bug I shoud report? > > ClamAV 0.88.2 running on FreeBSD Many Unix tools will allow you to abbreviate the flags to the shortest non-ambiguous string. I'd consider that normal behavior. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Bug with --remove??
Hi, I accidentally issued the following command where I mis-spelled remove: $ ./clamscan --remov /usr/home/projects/virus/ And it actually removed the file. I would expect either an error or the flag to be ignored. Is this a (minor) bug I shoud report? ClamAV 0.88.2 running on FreeBSD Kevin ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug
Jim Maul said: > Dennis Peterson wrote: >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the >> Problem said: >> >>>Looks like since Clamav 0.84, clamav-milter is crashing every time >>>fleshclam get new definitions. I am running clamav on BSD/OS 4.3.1 >> >> >> It's probably trying to tell you your From: address is too long, eh. >> >> dp > > I had actually typed up "Maybe its because your from name is too long" > but decided not to send the message at the end. Strange ;) > > -Jim Careful - you're going to get big sig guy's speedo's in a bunch again. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug
Dennis Peterson wrote: Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem said: Looks like since Clamav 0.84, clamav-milter is crashing every time fleshclam get new definitions. I am running clamav on BSD/OS 4.3.1 It's probably trying to tell you your From: address is too long, eh. dp I had actually typed up "Maybe its because your from name is too long" but decided not to send the message at the end. Strange ;) -Jim ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug
Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem said: > Looks like since Clamav 0.84, clamav-milter is crashing every time > fleshclam get new definitions. I am running clamav on BSD/OS 4.3.1 It's probably trying to tell you your From: address is too long, eh. dp ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Bug
Looks like since Clamav 0.84, clamav-milter is crashing every time fleshclam get new definitions. I am running clamav on BSD/OS 4.3.1 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug in clamd (0.80) handling .jar files
On Wed, 08 Dec 2004 13:25:51 +1300 Jason Haar <[EMAIL PROTECTED]> wrote: > Hi there > > I have a viral *.jar file that clamscan and clamdscan cannot find > anything wrong with, but if I run "clamscan --jar file.jar", it finds > the trojans. > > JAR files are meant to be ZIP files, but if I manually run unzip over > it I see: > > Archive: loaderadv50.jar > warning [loaderadv50.jar]: 262 extra bytes at beginning or within > zipfile > (attempting to process anyway) > testing: Counter.classOK > testing: Dummy.class OK > testing: Matrix.class OK > testing: Parser.class OK > No errors detected in compressed data of loaderadv50.jar. > > > So there is some junk in there that unzip skips over - but I'm > wondering if that same junk allows it to bypass clamscan/clamd's > standard methods of discovering if it's a JAR file? When I run > "clamscan --jar loaderadv50.zip", I see clamscan calling > "/usr/bin/unzip" - so I assume without that option, clamscan uses > internal unzip routines, and with it clamscan calls /usr/bin/unzip? We're not clairvoyants and can't help you without a sample. It was instructed a few posts ago how to submit a bug. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Dec 8 01:28:55 CET 2004 pgp9oSdMr6Akg.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Bug in clamd (0.80) handling .jar files
Hi there I have a viral *.jar file that clamscan and clamdscan cannot find anything wrong with, but if I run "clamscan --jar file.jar", it finds the trojans. JAR files are meant to be ZIP files, but if I manually run unzip over it I see: Archive: loaderadv50.jar warning [loaderadv50.jar]: 262 extra bytes at beginning or within zipfile (attempting to process anyway) testing: Counter.classOK testing: Dummy.class OK testing: Matrix.class OK testing: Parser.class OK No errors detected in compressed data of loaderadv50.jar. So there is some junk in there that unzip skips over - but I'm wondering if that same junk allows it to bypass clamscan/clamd's standard methods of discovering if it's a JAR file? When I run "clamscan --jar loaderadv50.zip", I see clamscan calling "/usr/bin/unzip" - so I assume without that option, clamscan uses internal unzip routines, and with it clamscan calls /usr/bin/unzip? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Mon, 2004-10-18 at 03:27 +0200, Tomasz Kojm wrote: > I'm almost sure you're still running the old instance of clamd. > Restarting it should solve the problem. Sheesh - do I feel STUPID :-) Thanks. The two examples I had that caused this problem are now exit status zero - so I'm happy. Thanks for that - and sorry for the screw-up :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Mon, 18 Oct 2004 14:23:59 +1300 Jason Haar <[EMAIL PROTECTED]> wrote: > On Mon, 2004-10-18 at 03:09 +0200, Tomasz Kojm wrote: > > > > Oh, no. It's working just fine: > > > > [EMAIL PROTECTED]:/tmp$ clamscan partial-1.eml > > LibClamAV Warning: Partial message received from MUA/MTA - message > > cannot be scanned > > LibClamAV Warning: Descriptor[3]: Bad format or broken data > > partial-1.eml: OK > > Heh - you've forgotten my original e-mail. clamscan didn't show the > problem - clamdscan did. No, I haven't. clamd can't print "Bad format or broken data ERROR" because it was disabled in libclamav. Looking at your report: > bash$ clamdscan -V > ClamAV 0.80/533/Sun Oct 17 14:09:44 2004 > > bash$ clamdscan Test_Emails//partial-1.eml > partial-1.eml: Bad format or broken data ERROR > partial-1.eml: OK > > --- SCAN SUMMARY --- > Infected files: 0 > Time: 0.002 sec (0 m 0 s) I'm almost sure you're still running the old instance of clamd. Restarting it should solve the problem. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Oct 18 03:24:53 CEST 2004 pgpPK5LaaLumS.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Mon, 2004-10-18 at 03:09 +0200, Tomasz Kojm wrote: > > Oh, no. It's working just fine: > > [EMAIL PROTECTED]:/tmp$ clamscan partial-1.eml > LibClamAV Warning: Partial message received from MUA/MTA - message > cannot be scanned > LibClamAV Warning: Descriptor[3]: Bad format or broken data > partial-1.eml: OK Heh - you've forgotten my original e-mail. clamscan didn't show the problem - clamdscan did. They differ in their exit status. clamscan exits zero, but clamdscan exits 2 on these messages. This is a large issue for content-filters like Qmail-Scanner, where they try to detect errors by the exit status. i.e. zero means OK, one means virus, and anything else means "something went wrong". clamdscan is saying "something went wrong" whereas clamscan says it's all OK... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Mon, 18 Oct 2004 03:07:13 +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Mon, 18 Oct 2004 10:25:37 +1300 > Jason Haar <[EMAIL PROTECTED]> wrote: > > > Whoops. Bad form, should have checked the code before sending. > > > > I'm afraid your patch is in 0.80 - but isn't working: > > > > > > Find attached a partial that triggers the error. > > Too late... Oh, no. It's working just fine: [EMAIL PROTECTED]:/tmp$ clamscan partial-1.eml LibClamAV Warning: Partial message received from MUA/MTA - message cannot be scanned LibClamAV Warning: Descriptor[3]: Bad format or broken data partial-1.eml: OK --- SCAN SUMMARY --- Known viruses: 25254 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 2.218 sec (0 m 2 s) -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Oct 18 03:08:17 CEST 2004 pgpuC8YCBjUfp.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Mon, 18 Oct 2004 10:25:37 +1300 Jason Haar <[EMAIL PROTECTED]> wrote: > Whoops. Bad form, should have checked the code before sending. > > I'm afraid your patch is in 0.80 - but isn't working: > > > Find attached a partial that triggers the error. Too late... -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Oct 18 03:06:55 CEST 2004 pgp6KmazlI07R.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
Whoops. Bad form, should have checked the code before sending. I'm afraid your patch is in 0.80 - but isn't working: Find attached a partial that triggers the error. bash$ clamdscan -V ClamAV 0.80/533/Sun Oct 17 14:09:44 2004 bash$ clamdscan Test_Emails//partial-1.eml partial-1.eml: Bad format or broken data ERROR partial-1.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.002 sec (0 m 0 s) bash$ echo $? 2 Jason On Mon, Oct 18, 2004 at 10:21:03AM +1300, Jason Haar wrote: > On Fri, Oct 15, 2004 at 02:06:54AM +0200, Tomasz Kojm wrote: > > On Fri, 15 Oct 2004 12:03:51 +1300 > > Jason Haar <[EMAIL PROTECTED]> wrote: > > > > > I've got a message being unable to be delivered via Qmail-Scanner > > > because clamdscan is reporting "Bad format or broken data ERROR" when > > > processing the message. > > > > Patch attached (also applied in CVS). > > I've just downloaded the official 0.80 - and this problem is still present. > Did your patch miss the deadline? > > I am due to release the next version of Qmail-Scanner, and I want > clamav-0.80 to be "officially" supported. But this bug is triggering every > day on our network - and we're not even a big site, so I'm relutant to do so. > > If 0.80 doesn't have this patch, then would it be appropriate for a content > filter like Qmail-Scanner to treat exit status 2 errors which contain "Bad > format or broken data ERROR" as being equivalent to exit status 0? (like > clamscan does already). If so, I'll put that in until the exit status issue > clears up in ClamAV 0.81 or whatever... > > [I'm just concerned there are some other error conditions (e.g. out of > memory or permission problems) that could cause clamdscan to also exit > status 2 - and such a hack would end up passing on infected emails when it > shouldn't] > > Thanks! > > -- > Cheers > > Jason Haar > Information Security Manager, Trimble Navigation Ltd. > Phone: +64 3 9635 377 Fax: +64 3 9635 417 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 From: me To: you Content-type: message/partial; id="[EMAIL PROTECTED]"; number=1; total=3 MIME-Version: 1.0 Subject: example of a partial message Content-type: text/plain MIME-Version: 1.0 helllo ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Fri, Oct 15, 2004 at 02:06:54AM +0200, Tomasz Kojm wrote: > On Fri, 15 Oct 2004 12:03:51 +1300 > Jason Haar <[EMAIL PROTECTED]> wrote: > > > I've got a message being unable to be delivered via Qmail-Scanner > > because clamdscan is reporting "Bad format or broken data ERROR" when > > processing the message. > > Patch attached (also applied in CVS). I've just downloaded the official 0.80 - and this problem is still present. Did your patch miss the deadline? I am due to release the next version of Qmail-Scanner, and I want clamav-0.80 to be "officially" supported. But this bug is triggering every day on our network - and we're not even a big site, so I'm relutant to do so. If 0.80 doesn't have this patch, then would it be appropriate for a content filter like Qmail-Scanner to treat exit status 2 errors which contain "Bad format or broken data ERROR" as being equivalent to exit status 0? (like clamscan does already). If so, I'll put that in until the exit status issue clears up in ClamAV 0.81 or whatever... [I'm just concerned there are some other error conditions (e.g. out of memory or permission problems) that could cause clamdscan to also exit status 2 - and such a hack would end up passing on infected emails when it shouldn't] Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Fri, 15 Oct 2004 07:51:00 +0100 Brian Morrison <[EMAIL PROTECTED]> wrote: > On Fri, 15 Oct 2004 02:06:54 +0200 in > [EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]> > wrote: > > > On Fri, 15 Oct 2004 12:03:51 +1300 > > Jason Haar <[EMAIL PROTECTED]> wrote: > > > > > I've got a message being unable to be delivered via Qmail-Scanner > > > because clamdscan is reporting "Bad format or broken data ERROR" > > > when processing the message. > > > > Patch attached (also applied in CVS). > > > > FYI I'm seeing a Bad Signature message for the signed parts of the > email you sent Tomasz, I'd suspect some sort of modification to the > format after the signing has occurred. It seems to be a problem with the mailing list software (and it only appears with e-mails with attachments). -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Oct 15 10:06:47 CEST 2004 pgp4Gv971x4EI.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Fri, 15 Oct 2004 02:06:54 +0200 in [EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Fri, 15 Oct 2004 12:03:51 +1300 > Jason Haar <[EMAIL PROTECTED]> wrote: > > > I've got a message being unable to be delivered via Qmail-Scanner > > because clamdscan is reporting "Bad format or broken data ERROR" > > when processing the message. > > Patch attached (also applied in CVS). > FYI I'm seeing a Bad Signature message for the signed parts of the email you sent Tomasz, I'd suspect some sort of modification to the format after the signing has occurred. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
On Fri, 15 Oct 2004 12:03:51 +1300 Jason Haar <[EMAIL PROTECTED]> wrote: > I've got a message being unable to be delivered via Qmail-Scanner > because clamdscan is reporting "Bad format or broken data ERROR" when > processing the message. Patch attached (also applied in CVS). -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Oct 15 02:06:34 CEST 2004 cleformat.patch Description: Binary data pgpPb1TEEGuIA.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Bug in ClamAV-0.80rc4 - clamdscan error codes differ from clamscan
I've got a message being unable to be delivered via Qmail-Scanner because clamdscan is reporting "Bad format or broken data ERROR" when processing the message. It is part 12 of a 12 part message/partial message... It appears to be a legit mail containing a whole bunch of GIF files (I'm going to guess it's someone sending holiday snaps, and their mailer has chosen to split it into chunks using message/partial. If I run it via clamdscan - it exits error code 2 If I run it via clamscan - it exits error code 0! I think clamscan is correct. This is a "broken" mail message, but not one which should trigger an error. Shouldn't clamdscan match what clamscan produces? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] bug in clamav-milter PID file handling
On Fri, 2004-09-24 at 18:30, [EMAIL PROTECTED] wrote: > Yes but I retract my opinion that this is a problem. kill `cat clamav-milter.pid` > wasn't working, and I wrongly blamed this on the newline. > It turned out after experiment that kill $PID wasn't working either. > But killall clamav-milter worked so I'm going with that. Why not kill `head -1 clamav-milter.pid` Alex --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamav-milter PID file handling
On Sep 24, 2004, at 16:30, <[EMAIL PROTECTED]> wrote: Doug Hardie wrote: On Sep 24, 2004, at 13:48, <[EMAIL PROTECTED]> wrote: Matthew.van.Eerde wrote: There seems to be a problem with clamav-milter's --pidfile option. I retract this. The --pidfile option is fine. Line 1408 of clamav-milter.c has fprintf(fd, "%d\n", (int)getpid()); which will put a \n at the end of the pid value in the pid file. Yes but I retract my opinion that this is a problem. kill `cat clamav-milter.pid` wasn't working, and I wrongly blamed this on the newline. It turned out after experiment that kill $PID wasn't working either. But killall clamav-milter worked so I'm going with that. The \n should not be in that print statement. I use the pid file for checking to be sure servers are still running and that requires that the code be modified for that particular situation. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] bug in clamav-milter PID file handling
Doug Hardie wrote:
> On Sep 24, 2004, at 13:48, <[EMAIL PROTECTED]> wrote:
>
>> Matthew.van.Eerde wrote:
>>> There seems to be a problem with clamav-milter's --pidfile option.
>>
>> I retract this. The --pidfile option is fine.
>
>
> Line 1408 of clamav-milter.c has
>
> fprintf(fd, "%d\n", (int)getpid());
>
> which will put a \n at the end of the pid value in the pid file.
Yes but I retract my opinion that this is a problem. kill `cat clamav-milter.pid`
wasn't working, and I wrongly blamed this on the newline.
It turned out after experiment that kill $PID wasn't working either.
But killall clamav-milter worked so I'm going with that.
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamav-milter PID file handling
On Sep 24, 2004, at 13:48, <[EMAIL PROTECTED]> wrote: Matthew.van.Eerde wrote: There seems to be a problem with clamav-milter's --pidfile option. I retract this. The --pidfile option is fine. Line 1408 of clamav-milter.c has fprintf(fd, "%d\n", (int)getpid()); which will put a \n at the end of the pid value in the pid file. ClamAV 0.80rc2/503/Thu Sep 23 12:32:44 2004 clamav-milter version 0.80 on zoon.lafn.org --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] bug in clamav-milter PID file handling
Matthew.van.Eerde wrote: > There seems to be a problem with clamav-milter's --pidfile option. I retract this. The --pidfile option is fine. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] bug in clamav-milter PID file handling
There seems to be a problem with clamav-milter's --pidfile option.
It successfully writes the PID to the file but then it also puts a trailing newline.
This makes it unsuitable for the standard
kill `cat /the/pidfile`
trick.
As a workaround this seems to work:
kill `head --bytes=-1 /the/pidfile`
but if the bug is fixed the workaround will delete a random process, which is never
good.
What's the best way to submit this?
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bug in clamdscan/client.c 0.75
Rob Mangiafico wrote:
+peer_size = sizeof(peer);
+if(getpeername(sockd, (struct sockaddr *) &peer, &peer_size) < 0) {
+ perror("getpeername()");
+ mprintf("@Can't get socket peer name.\n");
+ return -1;
+}
+
+server.sin_addr.s_addr = peer.sin_addr.s_addr;
+
Commenting out the new code (with + in front) seems to at least get things
working on my system.
Anyone else see any drawbacks to commenting this out in 0.75 to get things
working with Unix Sockets support for the time being? Want to upgrade to
0.75 for the increased virus catching of certain viruses.
Rob M.
That's what I did, and it works fine.
(Actually commenting out the last line is enough.)
--
Paul Bijnens, XplanationTel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUMFax +32 16 397.512
http://www.xplanation.com/ email: [EMAIL PROTECTED]
***
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ...*
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bug in clamdscan/client.c 0.75
> > +peer_size = sizeof(peer);
> > +if(getpeername(sockd, (struct sockaddr *) &peer, &peer_size) < 0) {
> > + perror("getpeername()");
> > + mprintf("@Can't get socket peer name.\n");
> > + return -1;
> > +}
> > +
> > +server.sin_addr.s_addr = peer.sin_addr.s_addr;
> > +
>
> Commenting out the new code (with + in front) seems to at least get things
> working on my system.
Anyone else see any drawbacks to commenting this out in 0.75 to get things
working with Unix Sockets support for the time being? Want to upgrade to
0.75 for the increased virus catching of certain viruses.
Rob M.
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bug in clamdscan/client.c 0.75
On Fri, 23 Jul 2004, Paul Bijnens wrote:
> +peer_size = sizeof(peer);
> +if(getpeername(sockd, (struct sockaddr *) &peer, &peer_size) < 0) {
> + perror("getpeername()");
> + mprintf("@Can't get socket peer name.\n");
> + return -1;
> +}
> +
> +server.sin_addr.s_addr = peer.sin_addr.s_addr;
> +
Commenting out the new code (with + in front) seems to at least get things
working on my system.
==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Bug in clamdscan/client.c 0.75
In clamdscan/client.c this was changed in 0.75:
@@ -129,6 +131,15 @@
server.sin_family = AF_INET;
server.sin_port = htons(port);
+peer_size = sizeof(peer);
+if(getpeername(sockd, (struct sockaddr *) &peer, &peer_size) < 0) {
+ perror("getpeername()");
+ mprintf("@Can't get socket peer name.\n");
+ return -1;
+}
+
+server.sin_addr.s_addr = peer.sin_addr.s_addr;
+
if(connect(wsockd, (struct sockaddr *) &server, sizeof(struct
sockaddr_in)) < 0) {
close(wsockd);
perror("connect()");
If I do an strace, this happens here:
$ strace clamdscan - < filetotest
...
write(3, "STREAM", 6) = 6
read(3, "PORT 10005\n", 4096) = 11
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4
getpeername(3, {sin_family=AF_UNIX, path="/tmp/clamd"}, [13]) = 0
connect(4, {sin_family=AF_INET, sin_port=htons(10005),
sin_addr=inet_addr("109.112.47.99")}}, 16)
The program tries to getpeername() to get the ip-number of the remote
site, but this happens to be a AF_UNIX socket, not a AF_INET socket!
Result: garbage in the s_addr field...
Symptoms, clamdscan just waits until timeout on the (hopefully)
not answering host.
--
Paul Bijnens, XplanationTel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUMFax +32 16 397.512
http://www.xplanation.com/ email: [EMAIL PROTECTED]
***
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ...*
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Tomasz Kojm wrote: On Mon, 21 Jun 2004 14:04:23 -0600 Dan Egli <[EMAIL PROTECTED]> wrote: Phil Ershler wrote: It was when I composed this message. I just couldn't get connected to a network until this morning. I was really quite serious. If you want to make a contribution, contact the the Clamav team. Phil I would if I could code in C. I cann't do C to save my life. It has always been sooo complicated to me. I'm a Pascal/Delphi programmer. Now if they want something done in Pascal or Delphi then I could help. Else I'm stuck on the side lines. The CVS version of clamdscan now supports multiple arguments on command line. cool thanks! -- -- Dan --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
On Mon, 21 Jun 2004 14:04:23 -0600 Dan Egli <[EMAIL PROTECTED]> wrote: > Phil Ershler wrote: > > It was when I composed this message. I just couldn't get connected > > to a network until this morning. I was really quite serious. If you > > want to make a contribution, contact the the Clamav team. > > > > Phil > > I would if I could code in C. I cann't do C to save my life. It has > always been sooo complicated to me. I'm a Pascal/Delphi programmer. > Now if they want something done in Pascal or Delphi then I could help. > Else I'm stuck on the side lines. The CVS version of clamdscan now supports multiple arguments on command line. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Jun 22 18:44:20 CEST 2004 pgpiQf72CwpEh.pgp Description: PGP signature
Re: [Clamav-users] bug in clamdscan
Dan Egli wrote: Phil Ershler wrote: It was when I composed this message. I just couldn't get connected to a network until this morning. I was really quite serious. If you want to make a contribution, contact the the Clamav team. Phil I would if I could code in C. I cann't do C to save my life. It has always been sooo complicated to me. I'm a Pascal/Delphi programmer. Now if they want something done in Pascal or Delphi then I could help. Else I'm stuck on the side lines. It wouldn't be too difficult to edit the the current version of clamav to produce errors in the way you want and then create a diff patch for it, so that you have it for future use. Also, I would have to say that I do agree with you in certain respects the format of:- "ERROR:Can't access file /root" does make more sense than "/root: Can't access file ERROR" although everyone has their own opinions, in either format it is easy enough to parse the error with grep to determine if an error occurred or not. Something I am trying to do myself at the moment :-> Just my 2 pennies worth, ignore me if you wish. Regards Lee --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Phil Ershler wrote: It was when I composed this message. I just couldn't get connected to a network until this morning. I was really quite serious. If you want to make a contribution, contact the the Clamav team. Phil I would if I could code in C. I cann't do C to save my life. It has always been sooo complicated to me. I'm a Pascal/Delphi programmer. Now if they want something done in Pascal or Delphi then I could help. Else I'm stuck on the side lines. -- -- Dan --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
It was when I composed this message. I just couldn't get connected to a network until this morning. I was really quite serious. If you want to make a contribution, contact the the Clamav team. Phil On Jun 21, 2004, at 1:35 PM, Dan Egli wrote: Philip Ershler wrote: If you don't like the software, and are unhappy about how much you paid for it, contact the Clamav team and ask for a job. Just my 2 cents. Phil First, it was just a suggestion! Second, Fix your clock! It's not 11 pm Sunday! -- -- Dan --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Philip Ershler wrote: If you don't like the software, and are unhappy about how much you paid for it, contact the Clamav team and ask for a job. Just my 2 cents. Phil First, it was just a suggestion! Second, Fix your clock! It's not 11 pm Sunday! -- -- Dan --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
If you don't like the software, and are unhappy about how much you paid for it, contact the Clamav team and ask for a job. Just my 2 cents. Phil On Jun 20, 2004, at 10:25 PM, Dan Egli wrote: Fajar A. Nugraha wrote: Dan Egli wrote: [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR Ok, clamd was running as clamav (I never know what daemons maintain the 0 uid and which ones call set_uid()). But my above question stands. Where is this ERROR file coming from? ERROR is not a file name :) It's the scanning result : ERROR, which is not OK. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users so redo the message. It looks like a file name. change /root: Can't access the file ERROR to ERROR: cannot access the file /root Simple! Or even: scanning /root: Can't access the file. ERROR Makes a HECK of a lot more sense to me. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
> >> > > ERROR is not a file name :) > > It's the scanning result : ERROR, which is not OK. > > > > so redo the message. It looks like a file name. > > change /root: Can't access the file ERROR > to > ERROR: cannot access the file /root > > Simple! > > Or even: > > scanning /root: Can't access the file. ERROR > > Makes a HECK of a lot more sense to me. > -- > -- Dan > > You can write ERROR arse over tit. It still means ERROR. Let it go. Matt --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Fajar A. Nugraha wrote: Dan Egli wrote: [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR Ok, clamd was running as clamav (I never know what daemons maintain the 0 uid and which ones call set_uid()). But my above question stands. Where is this ERROR file coming from? ERROR is not a file name :) It's the scanning result : ERROR, which is not OK. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users so redo the message. It looks like a file name. change /root: Can't access the file ERROR to ERROR: cannot access the file /root Simple! Or even: scanning /root: Can't access the file. ERROR Makes a HECK of a lot more sense to me. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Dan Egli wrote: [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR Ok, clamd was running as clamav (I never know what daemons maintain the 0 uid and which ones call set_uid()). But my above question stands. Where is this ERROR file coming from? ERROR is not a file name :) It's the scanning result : ERROR, which is not OK. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Jeremy Kitchen wrote: On Saturday 19 June 2004 12:14 pm, Dan Egli wrote: but I cannot scan a DIR either. [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR $5 says your clamd is not running as root. therefore, it doesn't (hopefully) have access to read root's home directory. -Jeremy even if that's true (I'm checking) Why would it say cannot access the file ERROR? there IS no such file in that directory. Ok, clamd was running as clamav (I never know what daemons maintain the 0 uid and which ones call set_uid()). But my above question stands. Where is this ERROR file coming from? -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
On Saturday 19 June 2004 12:14 pm, Dan Egli wrote: > but I cannot scan a DIR either. > > [EMAIL PROTECTED] root]# clamdscan $PWD > /root: Can't access the file ERROR $5 says your clamd is not running as root. therefore, it doesn't (hopefully) have access to read root's home directory. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Steven Stern wrote: On Sun, 20 Jun 2004 10:42:26 -0600, Dan Egli <[EMAIL PROTECTED]> wrote: But Mr. Stern was saying Working-As-Designed and I'm just saying Working-As-Designed makes no sense. If it's a bug then ok, it's a bug. I can understand that and forgive quite easily. "As designed" may not be the way you *want* it to work. It would be appropriate to lobby the developers for a change to the design. As Designed, if this really is as designed, is IMO, a REALLY DUMB design. Defeats the whole idea of a daemon. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
On Sun, 20 Jun 2004 10:42:26 -0600, Dan Egli <[EMAIL PROTECTED]> wrote: > But Mr. Stern was >saying Working-As-Designed and I'm just saying Working-As-Designed makes >no sense. If it's a bug then ok, it's a bug. I can understand that and >forgive quite easily. "As designed" may not be the way you *want* it to work. It would be appropriate to lobby the developers for a change to the design. -- Steve --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Jeff Smelser wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday 19 June 2004 12:14 pm, Dan Egli wrote: Can someone kindly explain why on earth you would write a scanner that only scans ONE FILE? The whole point of clamdscan is it's supposed to be faster than clamscan because it let's the daemon do the scanning, and it just acts as an interface. Doesn't make much sense to then cripple it by only working on one file at a time. Slow down. Its has to be a bug. Its worked here several times in the past. I take it you never wrote code with bugs in it? Jeff - -- Of course I have. And if it's just a bug then fine. But Mr. Stern was saying Working-As-Designed and I'm just saying Working-As-Designed makes no sense. If it's a bug then ok, it's a bug. I can understand that and forgive quite easily. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
## Steven Stern ([EMAIL PROTECTED]): > The same thing happens in 0.73. Reading the man page, it seems that it is a > WAD. > clamdscan [options] [file/directory] > clamdscan scans one file or one directory tree > clamscan works on multiple files. Have a look at the source :) - clamav-0.73/clamscan/options.c ll. 140, where opt->filename is created - clamav-0.73/clamscan/manager.c ll. 279, clamscan goes through the files - clamav-0.73/clamdscan/client.c ll. 208, clamdscan just uses opt-filename without the loop as in manager.c. It should be possible to put the logic from manager.c into client.c. Regards, Christoph -- Spare Space --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
On Sat, Jun 19, 2004 at 11:14:35AM -0600, Dan Egli said: > but I cannot scan a DIR either. > > [EMAIL PROTECTED] root]# clamdscan $PWD > /root: Can't access the file ERROR > > --- SCAN SUMMARY --- > Infected files: 0 > Time: 0.001 sec (0 m 0 s) > > > Can someone kindly explain why on earth you would write a scanner that > only scans ONE FILE? The whole point of clamdscan is it's supposed to be > faster than clamscan because it let's the daemon do the scanning, and it > just acts as an interface. Doesn't make much sense to then cripple it by > only working on one file at a time. That sounds like a permission problem - what user is clamd running as? It works here, for files clamd can read. -- -- | Stephen Gran | It would be illogical to kill without | | [EMAIL PROTECTED] | reason. -- Spock, "Journey to Babel", | | http://www.lobefin.net/~steve | stardate 3842.4 | -- pgp5yMCWA6ROX.pgp Description: PGP signature
Re: [Clamav-users] bug in clamdscan
Dan Egli wrote: Steven Stern wrote: On Sat, 19 Jun 2004 10:09:48 -0600, Dan Egli <[EMAIL PROTECTED]> wrote: I've encountered this bug a few times: [EMAIL PROTECTED] test]# touch file1 [EMAIL PROTECTED] test]# touch file2 [EMAIL PROTECTED] test]# touch file3 [EMAIL PROTECTED] test]# ls file1 file2 file3 [EMAIL PROTECTED] test]# clamdscan file1 file2 file3 ERROR: Can't access file file1 file2 file3 file1 file2 file3: No such file or directory The same thing happens in 0.73. Reading the man page, it seems that it is a WAD. clamdscan [options] [file/directory] clamdscan scans one file or one directory tree clamscan works on multiple files. -- Steve but I cannot scan a DIR either. [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR --- SCAN SUMMARY --- Infected files: 0 Time: 0.001 sec (0 m 0 s) Can someone kindly explain why on earth you would write a scanner that only scans ONE FILE? The whole point of clamdscan is it's supposed to be faster than clamscan because it let's the daemon do the scanning, and it just acts as an interface. Doesn't make much sense to then cripple it by only working on one file at a time. Just a guess but I'd bet it doesn't scan directories and files the run-as user has no access to. dp --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday 19 June 2004 12:14 pm, Dan Egli wrote: > Can someone kindly explain why on earth you would write a scanner that > only scans ONE FILE? The whole point of clamdscan is it's supposed to be > faster than clamscan because it let's the daemon do the scanning, and it > just acts as an interface. Doesn't make much sense to then cripple it by > only working on one file at a time. Slow down. Its has to be a bug. Its worked here several times in the past. I take it you never wrote code with bugs in it? Jeff - -- === Jabber: tradergt@(smelser.org|jabber.org) Quote: What would the BOFH do? === -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA1HfEld4MRA3gEwYRAjXoAKCFQG/v4xEgeS+5KZfGlSShJfawZwCgguvk NGmzteF+GX+HyNddvm8+NFs= =iRkq -END PGP SIGNATURE- --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Steven Stern wrote: On Sat, 19 Jun 2004 10:09:48 -0600, Dan Egli <[EMAIL PROTECTED]> wrote: I've encountered this bug a few times: [EMAIL PROTECTED] test]# touch file1 [EMAIL PROTECTED] test]# touch file2 [EMAIL PROTECTED] test]# touch file3 [EMAIL PROTECTED] test]# ls file1 file2 file3 [EMAIL PROTECTED] test]# clamdscan file1 file2 file3 ERROR: Can't access file file1 file2 file3 file1 file2 file3: No such file or directory The same thing happens in 0.73. Reading the man page, it seems that it is a WAD. clamdscan [options] [file/directory] clamdscan scans one file or one directory tree clamscan works on multiple files. -- Steve --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users but I cannot scan a DIR either. [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR --- SCAN SUMMARY --- Infected files: 0 Time: 0.001 sec (0 m 0 s) Can someone kindly explain why on earth you would write a scanner that only scans ONE FILE? The whole point of clamdscan is it's supposed to be faster than clamscan because it let's the daemon do the scanning, and it just acts as an interface. Doesn't make much sense to then cripple it by only working on one file at a time. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
On Sat, 19 Jun 2004 10:09:48 -0600, Dan Egli <[EMAIL PROTECTED]> wrote: >I've encountered this bug a few times: > >[EMAIL PROTECTED] test]# touch file1 >[EMAIL PROTECTED] test]# touch file2 >[EMAIL PROTECTED] test]# touch file3 >[EMAIL PROTECTED] test]# ls >file1 file2 file3 >[EMAIL PROTECTED] test]# clamdscan file1 file2 file3 >ERROR: Can't access file file1 file2 file3 >file1 file2 file3: No such file or directory The same thing happens in 0.73. Reading the man page, it seems that it is a WAD. clamdscan [options] [file/directory] clamdscan scans one file or one directory tree clamscan works on multiple files. -- Steve --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] bug in clamdscan
I've encountered this bug a few times: [EMAIL PROTECTED] test]# touch file1 [EMAIL PROTECTED] test]# touch file2 [EMAIL PROTECTED] test]# touch file3 [EMAIL PROTECTED] test]# ls file1 file2 file3 [EMAIL PROTECTED] test]# clamdscan file1 file2 file3 ERROR: Can't access file file1 file2 file3 file1 file2 file3: No such file or directory --- SCAN SUMMARY --- Infected files: 0 Time: 0.001 sec (0 m 0 s) but if I scan ONE file, it's fine. But scanning more than one file at a time causes this. I'm using the latest CVS version, downloaded just a couple of days ago. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] bug in clamav-milter loggin
Version 0.72 seems to have a typo in the routine that does logging for clamav-milter: Jun 5 17:47:04 ciscy sendmail[28711]: i55Ml3ll028711: Milter add: header: X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72\n\ton ciscy.sterndata.com It appears that the newline and tab are showing up as the text equivalents. -- Steve --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug? clamdscan doesn't follow links
On Wed, Jun 02, 2004 at 03:12:37AM -0500, Damian Menscher wrote: > I'm running clamav-0.70. > [EMAIL PROTECTED] tmp]# ln -s eicar.txt eicar.lnk > [EMAIL PROTECTED] tmp]# clamscan eicar.??? > eicar.lnk: Eicar-Test-Signature FOUND > eicar.txt: Eicar-Test-Signature FOUND > [EMAIL PROTECTED] tmp]# clamdscan eicar.lnk > /tmp/eicar.lnk: OK > I find it highly nonintuitive that clamscan will follow links, and > clamdscan will not. What happens if you enable FollowFileSymlinks in your clamav configuration? -- Damien --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] bug? clamdscan doesn't follow links
I'm running clamav-0.70. (command below obfuscated to bypass virus filters) [EMAIL PROTECTED] tmp]# echo '[EMAIL PROTECTED](P^)7CC)7}$EICAR-STAN'\ 'DARD-ANTIVIRUS-TEST-FILE!$H+H*' > eicar.txt [EMAIL PROTECTED] tmp]# ln -s eicar.txt eicar.lnk [EMAIL PROTECTED] tmp]# clamscan eicar.??? eicar.lnk: Eicar-Test-Signature FOUND eicar.txt: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 21758 Scanned directories: 0 Scanned files: 2 Infected files: 2 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.416 sec (0 m 0 s) [EMAIL PROTECTED] tmp]# clamdscan eicar.txt /tmp/eicar.txt: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Infected files: 1 Time: 0.001 sec (0 m 0 s) [EMAIL PROTECTED] tmp]# clamdscan eicar.lnk /tmp/eicar.lnk: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.000 sec (0 m 0 s) I find it highly nonintuitive that clamscan will follow links, and clamdscan will not. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] bug? clamdscan doesn't follow links
I'm running clamav-0.70. [EMAIL PROTECTED] tmp]# echo '[EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > eicar.txt [EMAIL PROTECTED] tmp]# ln -s eicar.txt eicar.lnk [EMAIL PROTECTED] tmp]# clamscan eicar.??? eicar.lnk: Eicar-Test-Signature FOUND eicar.txt: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 21758 Scanned directories: 0 Scanned files: 2 Infected files: 2 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.416 sec (0 m 0 s) [EMAIL PROTECTED] tmp]# clamdscan eicar.txt /tmp/eicar.txt: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Infected files: 1 Time: 0.001 sec (0 m 0 s) [EMAIL PROTECTED] tmp]# clamdscan eicar.lnk /tmp/eicar.lnk: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.000 sec (0 m 0 s) I find it highly nonintuitive that clamscan will follow links, and clamdscan will not. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bug with 0.71 not limiting archive scans? (e.g. 42.zip)
On Wed, 26 May 2004 02:06:45 +1200 Jason Haar <[EMAIL PROTECTED]> wrote: > I've just tried running clamdscan and clamscan over 42.zip (with > archive limits enabled) and it doesn't exit in any decent time (i.e. > it's still running 15 minutes later at 99% CPU). > > e.g > > clamscan -v --debug --max-files=100 --max-recursion=4 42.zip > > The strange thing is it reports things like: > > LibClamAV debug: Zip -> page e.zip, compressed: 10234, normal: > 4168266, ratio: 407 (max: 200) > > That ratio is > 200 - so it should just stop - right? The behaviour has changed in 0.7x but it just turned out to be a bad move. Fixed in CVS, thanks. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue May 25 21:22:21 CEST 2004 pgpDFVQ2uFAqp.pgp Description: PGP signature
[Clamav-users] Bug with 0.71 not limiting archive scans? (e.g. 42.zip)
I've just tried running clamdscan and clamscan over 42.zip (with archive limits enabled) and it doesn't exit in any decent time (i.e. it's still running 15 minutes later at 99% CPU). e.g clamscan -v --debug --max-files=100 --max-recursion=4 42.zip The strange thing is it reports things like: LibClamAV debug: Zip -> page e.zip, compressed: 10234, normal: 4168266, ratio: 407 (max: 200) That ratio is > 200 - so it should just stop - right? Also, if I change that to "-max-recursion=2", the ratio drops to 18 out of 200 - shouldn't that remain the same irrespective of the max-recursion value? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] BUG? and question
On Wed, 28 Jan 2004 21:55:58 +0700 "Andrey V. Malyshev" <[EMAIL PROTECTED]> wrote: > Hello! > > 1) > clamav-devel-20040127: clamd crashes without any log records when > virus bases reloading command sent. > It appears _only_ when UseProcesses in clamav.conf is enable. UseProcesses is completely broken - please don't use it yet. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Jan 29 11:12:03 CET 2004 pgp0.pgp Description: PGP signature
[Clamav-users] BUG? and question
Hello! 1) clamav-devel-20040127: clamd crashes without any log records when virus bases reloading command sent. It appears only when UseProcesses in clamav.conf is enable. Steps to reproduce: - start clamd - erase daily.cvd - start freshclam with "daemon-notify" === Debug log: LibClamAV debug: Loading databases from /usr/local/clamav/bases LibClamAV debug: Loading /usr/local/clamav/bases/main.cvd LibClamAV debug: /usr/local/clamav/bases/main.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 46b4b24055925f69a6d5d7802dbd1479 LibClamAV debug: Decoded signature: 46b4b24055925f69a6d5d7802dbd1479 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /var/tmp//8548d795bb919ad9/COPYING LibClamAV debug: Unpacking /var/tmp//8548d795bb919ad9/viruses.db LibClamAV debug: Loading databases from /var/tmp//8548d795bb919ad9 LibClamAV debug: Loading /var/tmp//8548d795bb919ad9/viruses.db LibClamAV debug: Initializing trie. LibClamAV debug: Loading /usr/local/clamav/bases/daily.cvd LibClamAV debug: /usr/local/clamav/bases/daily.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 30026198a02d30a7bc70dd0d220551e2 LibClamAV debug: Decoded signature: 30026198a02d30a7bc70dd0d220551e2 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /var/tmp//e368b490ddfee329/COPYING LibClamAV debug: Unpacking /var/tmp//e368b490ddfee329/viruses.db2 LibClamAV debug: Loading databases from /var/tmp//e368b490ddfee329 LibClamAV debug: Loading /var/tmp//e368b490ddfee329/viruses.db2 Broken pipe === clamd log: Wed Jan 28 21:24:19 2004 -> Reading databases from /usr/local/clamav/bases Wed Jan 28 21:24:23 2004 -> Database correctly reloaded (20583 viruses) And that's all here. === freshclam log: ClamAV update process started at Wed Jan 28 21:24:13 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] daily.cvd updated (version: 110, sigs: 596, f-level: 1, builder: tomek) Database updated (20583 signatures) from database.clamav.net (64.69.64.158). Clamd successfully notified about the update. = My system: $uname -a FreeBSD xx.xx.xx 4.7-RELEASE FreeBSD 4.7-RELEASE #6: Sun Mar 9 12:38:46 KRAT 2003 [EMAIL PROTECTED]:/usr/src/sys/compile/INET i386 $ gcc -v Using builtin specs. gcc version 2.95.4 20020320 [FreeBSD] = configured with: ./configure --prefix=/usr/local/clamav --with-user=root --with-group=wheel - -with-dbdir=/usr/local/clamav/bases = My configs clamav.conf: LogFile /var/log/clamd.log LogFileMaxSize 0 LogTime LogVerbose PidFile /usr/local/clamav/run/clamd.pid LocalSocket /usr/local/clamav/socket/clamd.sock FixStaleSocket MaxConnectionQueueLength 100 UseProcesses MaxThreads 20 ThreadTimeout 500 MaxDirectoryRecursion 1 Foreground Debug ScanOLE2 ScanMail ScanArchive ScanRAR ArchiveMaxFileSize 30M ArchiveMaxRecursion 50 ArchiveMaxFiles 1000 ArchiveMaxCompressionRatio 500 === freshclam.conf: LogVerbose DatabaseMirror database.clamav.net MaxAttempts 3 NotifyClamd So clamd and freshclam starts au root. 2) Question: LibClamAV uses /var/tmp as temporary directory: LibClamAV debug: Unpacking /var/tmp//8548d795bb919ad9/COPYING How I can change this setting? For example, use /usr/local/clamav/tmp? Creating soft link instead of /var/tmp is not decision - for my case :) Thanks. Sorry for large message :) -- With best regards, Andrey V. Malyshev. E-mail: [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] BUG? and question
Hello! 1) clamav-devel-20040127: clamd crashes without any log records when virus bases reloading command sent. It appears _only_ when UseProcesses in clamav.conf is enable. Steps to reproduce: - start clamd - erase daily.cvd - start freshclam with "daemon-notify" === Debug log: LibClamAV debug: Loading databases from /usr/local/clamav/bases LibClamAV debug: Loading /usr/local/clamav/bases/main.cvd LibClamAV debug: /usr/local/clamav/bases/main.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 46b4b24055925f69a6d5d7802dbd1479 LibClamAV debug: Decoded signature: 46b4b24055925f69a6d5d7802dbd1479 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /var/tmp//8548d795bb919ad9/COPYING LibClamAV debug: Unpacking /var/tmp//8548d795bb919ad9/viruses.db LibClamAV debug: Loading databases from /var/tmp//8548d795bb919ad9 LibClamAV debug: Loading /var/tmp//8548d795bb919ad9/viruses.db LibClamAV debug: Initializing trie. LibClamAV debug: Loading /usr/local/clamav/bases/daily.cvd LibClamAV debug: /usr/local/clamav/bases/daily.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 30026198a02d30a7bc70dd0d220551e2 LibClamAV debug: Decoded signature: 30026198a02d30a7bc70dd0d220551e2 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /var/tmp//e368b490ddfee329/COPYING LibClamAV debug: Unpacking /var/tmp//e368b490ddfee329/viruses.db2 LibClamAV debug: Loading databases from /var/tmp//e368b490ddfee329 LibClamAV debug: Loading /var/tmp//e368b490ddfee329/viruses.db2 Broken pipe === clamd log: Wed Jan 28 21:24:19 2004 -> Reading databases from /usr/local/clamav/bases Wed Jan 28 21:24:23 2004 -> Database correctly reloaded (20583 viruses) And that's all here. === freshclam log: ClamAV update process started at Wed Jan 28 21:24:13 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] daily.cvd updated (version: 110, sigs: 596, f-level: 1, builder: tomek) Database updated (20583 signatures) from database.clamav.net (64.69.64.158). Clamd successfully notified about the update. = My system: $uname -a FreeBSD xx.xx.xx 4.7-RELEASE FreeBSD 4.7-RELEASE #6: Sun Mar 9 12:38:46 KRAT 2003 [EMAIL PROTECTED]:/usr/src/sys/compile/INET i386 $ gcc -v Using builtin specs. gcc version 2.95.4 20020320 [FreeBSD] = configured with: ./configure --prefix=/usr/local/clamav --with-user=root --with-group=wheel - -with-dbdir=/usr/local/clamav/bases = My configs clamav.conf: LogFile /var/log/clamd.log LogFileMaxSize 0 LogTime LogVerbose PidFile /usr/local/clamav/run/clamd.pid LocalSocket /usr/local/clamav/socket/clamd.sock FixStaleSocket MaxConnectionQueueLength 100 UseProcesses MaxThreads 20 ThreadTimeout 500 MaxDirectoryRecursion 1 Foreground Debug ScanOLE2 ScanMail ScanArchive ScanRAR ArchiveMaxFileSize 30M ArchiveMaxRecursion 50 ArchiveMaxFiles 1000 ArchiveMaxCompressionRatio 500 === freshclam.conf: LogVerbose DatabaseMirror database.clamav.net MaxAttempts 3 NotifyClamd So clamd and freshclam starts au root. 2) Question: LibClamAV uses /var/tmp as temporary directory: LibClamAV debug: Unpacking /var/tmp//8548d795bb919ad9/COPYING How I can change this setting? For example, use /usr/local/clamav/tmp? Creating soft link instead of /var/tmp is not decision - for my case :) Thanks. Sorry for large message :) -- With best regards, Andrey V. Malyshev. E-mail: [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] BUG: clamd not handling out of memory properly?
On Fri, 21 Nov 2003 16:49:57 +1300 Jason Haar <[EMAIL PROTECTED]> wrote: Hi Jason, I will check it ASAP. Thank you for your great work on Qmail-Scanner ! Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Nov 21 06:21:41 CET 2003 pgp0.pgp Description: PGP signature
[Clamav-users] BUG: clamd not handling out of memory properly?
Hi there I am running clamd under daemontools, with softlimit to limit the amount of memory clamd can grow to. I upgraded to 0.65 from a (much) older release, and ran into all sorts of problems. Basically it would run fine for a while, and then clamd would die in such a fashion that it was still hanging around, and all future clamdscan calls would hang, waiting for clamd to do something. In the end I found it was due to clamd needing to grow >20M RAM (this is under RH 8). I upped softlimit to 30M and it appears fine again. (it's to do with the file size - small files - small memory, large file - bang!) I turned on debugging via clamav.conf, and what happened when clamd ran out of memory is that it reported "Unexpected error.", and then ps would show this zombie process "[clamd ]". At this stage clamdscan stops working. I've gone back and forth between 20 and 30M, and can repeat this every time. BTW: shouldn't clamdscan have some form of sanity check whereby it'll exit if it doesn't hear from clamd after some time? Maybe if clamd would guarantee to send dots or something every 5 secs, then after (say) 15 secs, clamdscan could exit with something like "clamd is down" error? Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bug in milter...
Tobias Rice wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry if this posts twice! Not sure if this has been reported yet, but while trying to compile on RH9 (./configure --sysconfdir=/etc --enable-milter) the operation fails: Hi Tobias, if you not sure about some problem was reported, look at mailing list archive. They are searchable. You will find even more valuable info there. Links to mailing list archives can be found on http://clamav.net/ml.html#pagestart Regs Petr --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Bug in milter...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry if this posts twice! Not sure if this has been reported yet, but while trying to compile on RH9 (./configure --sysconfdir=/etc --enable-milter) the operation fails: make[1]: *** No rule to make target `../docs/clamav-milter.8', needed by `all-am'. Stop. make[1]: Leaving directory `/root/clamav-0.65/clamav-milter' make: *** [all-recursive] Error 1 The typo is in the milter Makefile: WAS: man_MANS = ../docs/clamav-milter.8 CHANGED TO: man_MANS = ../docs/man/clamav-milter.8 Thanks for all of your hard work! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/u7mV8SyNUqEG5J0RAqDQAJ4/AQ1T9SjiHKVSgPVJqTg2JUE0igCeIbc0 1KY3Qqe5NvJCEpArXT5BsAI= =xewB -END PGP SIGNATURE- --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Bug in clamav-milter
Found a bug in today's snapshot of clamav-milter. The following patch fixes. --- clamav-milter.c.orig2003-10-03 11:25:03.0 -0600 +++ clamav-milter.c 2003-10-03 11:17:31.0 -0600 @@ -483,7 +483,7 @@ * is set in the config file */ if((max_children == 0) && ((cpt = cfgopt(copt, "MaxThreads")) != NULL)) - max_children = atoi(cpt->strarg); + max_children = cpt->numarg; /* * Get the outgoing socket details - the way to talk to clamd -- Orion Poplawski System Administrator 303-415-9701 x222 Colorado Research Associates/NWRA FAX: 303-415-9702 3380 Mitchell Lane, Boulder CO 80301 http://www.co-ra.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Bug in 0.60 Cygwin compile (workaround)
Hi, I'm not sure if this is solved in a newer development version, so these instructions are mostly for those like me trying to figure out how to get this compile to work. First, upgrade to the latest compiler, etc, using the Cygwin installer. For reference, I used cygwin 1.5.4-1, gcc 3.2-3, make 3.80-1, and zlib 1.1.4-4. Next, edit the file /freshclam/freshclam.c On or near line 41 is the code: #ifndef C_CYGWIN struct passwd *user; char *newdir; This needs to be modified (move the #ifndef line down) to read: struct passwd *user; char *newdir; #ifndef C_CYGWIN This will resolve an error during compilation about newdir not being defined. Finally, issue the commands: ./configure --disable-clamav make make install After this, clamscan seems to work, it found the test viruses. However, freshclam did not appear to update. It returned the error (after reading and checking the md5 sums and downloading viruses.dbdone: ERROR: The checksum of viruses.db database isn't ok. Please check it yourself or try again. The file dates for viruses.db and viruses2.db in the \usr\local\share\clamav directory seem to indicate that it did the update anyways. Good luck, Jeff NOTE TO MODERATOR: Sorry for the duplicate message. I sent the original to the list anonymously on 17 Sep, but did not see it come through. __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
