Re: [Clamav-users] clam not fresh
Kevin T. said: > On Fri, 26 Mar 2004, Tomasz Papszun wrote: > >> On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote: >> > >> > I'm updating from clamav.elektrapro.com and starting a short >> time ago it >> > now wants >> > to update viruses.db, but the checksum fails after the download. >> The >> > mirror at ozforces >> > does the same thing. >> > >> > This isn't the issue that started this thread, but it appears >> to be a >> > good place >> > to mention that something else is going wrong with the downloads >> also. >> >> You use old version of ClamAV. Please upgrade. >> > Actually, I'm running ClamAV version 0.70-rc and getting the same > message. > Anyone else having this issue? > Not me. 0.70-rc seems pretty stable here. -- Bob Greene --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
Actually, I'm running ClamAV version 0.70-rc and getting the same message. Anyone else having this issue? On Fri, 26 Mar 2004, Tomasz Papszun wrote: > On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote: > > > > I'm updating from clamav.elektrapro.com and starting a short time ago it > > now wants > > to update viruses.db, but the checksum fails after the download. The > > mirror at ozforces > > does the same thing. > > > > This isn't the issue that started this thread, but it appears to be a > > good place > > to mention that something else is going wrong with the downloads also. > > You use old version of ClamAV. Please upgrade. > > -- > Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only > [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. > [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner > > > --- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
At 01:11 PM 3/26/2004, you wrote: On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote: > > I just ran freshclam again and instead of downloading viruses.db and > then giving me a checksum error it now claims: > > Connected to clamav.elektrapro.com. > Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server > ERROR: Can't get viruses.md5 sum from clamav.elektrapro.com > > Obviously somebodies figured out that the checksums were broken and > is playing with the files. I don't want your problem see ignored, so - though I don't know if somebody was plaing with the files or not - I'd like just to be sure that now it's OK. Is it? Yes, sometime since I wrote my reply last night the problem was corrected and I can once again do a freshclam from elektrapro and get a good reply. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote: > > I just ran freshclam again and instead of downloading viruses.db and > then giving me a checksum error it now claims: > > Connected to clamav.elektrapro.com. > Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server > ERROR: Can't get viruses.md5 sum from clamav.elektrapro.com > > Obviously somebodies figured out that the checksums were broken and > is playing with the files. I don't want your problem see ignored, so - though I don't know if somebody was plaing with the files or not - I'd like just to be sure that now it's OK. Is it? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
On Fri, 26 Mar 2004 15:27:23 - "Randal, Phil" <[EMAIL PROTECTED]> wrote: > I think it is time for you to erase ALL of your clamAV > files, wherever you have them scattered, and reinstall > and reconfigure, so you only have one set of .conf files > and one set of .cvd files, and then reboot. Reboot ? ClamAV doesn't load any vxd's ;-) -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Mar 26 17:37:05 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] clam not fresh
On Fri, 26 Mar 2004 09:14:08 -0600, Mark Novak <[EMAIL PROTECTED]> wrote: >> Jim >> >My number of signatures is exactly the same as yours. When I grep for >somefool, I stop at M. > >I do still have the old style signatures located in /usr/share/clamav >from clam-0.65. Tomasz mentioned in an earlier post that this could be >the problem. I am wondering if I should change the freshclam.conf >database line from /var/lib/clamav to /usr/share/clamav? > >It seems to me that I am updated, as I have the same number of >signatures as you do, but when I grep it for somefool, maybe it is >going to the old set in the other directory? > >What do you think? > >Thanks, > >Mark > H.. Looking at my system with 0.70RC-1 installed, I find [$ ls -l /var/lib/clamav total 992 -rw-r--r-- 1 clamav clamav 59601 Mar 26 04:17 daily.cvd -rw-r--r-- 1 clamav clamav 944351 Mar 16 13:48 main.cvd $ locate daily.cvd /var/lib/clamav/daily.cvd /usr/local/share/clamav/daily.cvd $ ls -l /usr/local/share/clamav/ total 976 -rw-r--r-- 1 clamav clamav 47654 Mar 19 12:47 daily.cvd -rw-rw-r-- 1 clamav clamav 944351 Mar 19 12:34 main.cvd So, The updates are going into /var/lib clamav.conf says # Path to the database directory. # Default is the hardcoded directory (mostly /usr/local/share/clamav, # but it depends on installation options). #DatabaseDirectory /var/lib/clamav So, just to be safe, I'm going to uncomment the DatabaseDirectory line, delete /usr/local/share/clamav/*.cvd, and restart everything. OK it may have been an artifact of the initial installation, but after chaning clamav.conf, stopping sendmail, clamav-milter, and clamd, deleting /usr/local/share/clamav, then restarting the 3 services and running freschclam, it appears everyone is looking at /var/lib/clamav. -- Steve --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh [Solved]
All, I think it is time for you to erase ALL of your clamAV files, wherever you have them scattered, and reinstall and reconfigure, so you only have one set of .conf files and one set of .cvd files, and then reboot. At least then you'll know where to look and/or get meaningful error messages. I solved the problem by changing the DatabaseDirectory to /usr/local/share/clamav instead of /var/lib/clamav. I then ran freshclam and it updated correctly and shows the correct number of somefool signatures. Last, I deleted the /var/lib/clamav directory that I should never have created. Thanks for everyone's help! Thanks, Mark Novak --- [This E-mail scanned for viruses by Declude Virus] --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
Mark Novak Sent: Friday, March 26, 2004 10:14 AM > It seems to me that I am updated, as I have the same number of > signatures as you do, but when I grep it for somefool, maybe it is > going to the old set in the other directory? This, apparently, is my problem. Read my post from yesterday about how I copied my CVDs from one folder on top of the ones in another folder. Try that and then maybe it will work. I still havn't figured out my problem though since I apparently need to change the path in clamav before compiling. I barely know what compiling is. cheers, Colin Colin A. Bartlett Kinetic Web Solutions www.kineticweb.biz --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak > Sent: Friday, March 26, 2004 10:14 AM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] clam not fresh > > My number of signatures is exactly the same as yours. When I grep for > somefool, I stop at M. > > I do still have the old style signatures located in /usr/share/clamav > from clam-0.65. Tomasz mentioned in an earlier post that this could be > the problem. I am wondering if I should change the freshclam.conf > database line from /var/lib/clamav to /usr/share/clamav? > > It seems to me that I am updated, as I have the same number of > signatures as you do, but when I grep it for somefool, maybe it is > going to the old set in the other directory? > > What do you think? I would remove the copy in /usr/share/clamav. If you are using clamscan, then having /var/lib/clamav as the database directory in /etc/clamav.conf doesnt make any difference because clamscan does not listen to this config file. /etc/clamav.conf is for clamDscan only. You can specify the database path on the command line with clamscan using --database=FILE/DIR. However i would just remove the /usr/share copy of the database to prevent future confusion. Jim --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
> I do still have the old style signatures located in > /usr/share/clamav from clam-0.65. Tomasz mentioned > in an earlier post that this could be the problem. > I am wondering if I should change the freshclam.conf > database line from /var/lib/clamav to /usr/share/clamav? > > It seems to me that I am updated, as I have the same > number of signatures as you do, but when I grep it > for somefool, maybe it is going to the old set in > the other directory? > > What do you think? I think it is time for you to erase ALL of your clamAV files, wherever you have them scattered, and reinstall and reconfigure, so you only have one set of .conf files and one set of .cvd files, and then reboot. At least then you'll know where to look and/or get meaningful error messages. Cheers, Phil - Phil Randal Network Engineer Herefordshire Council Hereford, UK --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
Jim, On Mar 26, 2004, at 8:43 AM, Jim Maul wrote: I did exactly that, deleted the cvd files and re-ran freshclam. I am only showing through SomeFool.M, no O, P or P-dll. Any ideas or tips appreciated. Thanks, Mark Well, being that this makes no sense, the only thing i can suggest is to try another mirror. If you are not specifying one explicitly then you should get a different one almost every time you run freshclam so i dont know why this would matter, but i am running out of ideas. What is the total number of viruses it says for your database? Try this [EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/main.cvd Build time: 29 Feb 2004 18-19 +0100 Version: 21 # of signatures: 20094 Functionality level: 1 Builder: tkojm MD5: a20b254aa5f6b97dcafc115a63c8af4e Digital signature: rpzUhP4jcYOSj/tMnkU5zPs3GbJWsdmj2+7Z4BkUGOfN8pS0XnQ2qJY1TF/ 1P4jeadvBVNoCwJiI wamnGtBO8fTnLiMgMXSiy/ L1odsalY0iCyRmxzYNqWUoG6Q3CMhEJ8M9c8idT7LBGYHwtKCBv0hH hIIrkqS2jh5V0XAxIwh Verification OK. [EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/daily.cvd Build time: 26 Mar 2004 10-20 +0100 Version: 217 # of signatures: 615 Functionality level: 1 Builder: diego MD5: 4c963cdbafb148be77556bf0cc9a Digital signature: QhYZD+fLArMzj4Eukpl7HCNZVgPw3aNNYyx860Mb2tj8CFXTHNZSM6L0k+pUtLKXa8wFbLj FPQCF fnmiE0GiB5zjzT/oyzeFpXhmNH3axBrhQZ/h/qkN/XZgDgX2Dl4g9tv75uzu/ XbAtNcbWBl04TPE wkbu2Dq1aE5Ml0hlZfh Verification OK. see if the "# of signatures" matches what i have here. Jim My number of signatures is exactly the same as yours. When I grep for somefool, I stop at M. I do still have the old style signatures located in /usr/share/clamav from clam-0.65. Tomasz mentioned in an earlier post that this could be the problem. I am wondering if I should change the freshclam.conf database line from /var/lib/clamav to /usr/share/clamav? It seems to me that I am updated, as I have the same number of signatures as you do, but when I grep it for somefool, maybe it is going to the old set in the other directory? What do you think? Thanks, Mark --- [This E-mail scanned for viruses by Declude Virus] --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak > Sent: Thursday, March 25, 2004 5:37 PM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] clam not fresh > > > I did exactly that, deleted the cvd files and re-ran freshclam. I am > only showing through SomeFool.M, no O, P or P-dll. > > Any ideas or tips appreciated. > > Thanks, > > Mark Well, being that this makes no sense, the only thing i can suggest is to try another mirror. If you are not specifying one explicitly then you should get a different one almost every time you run freshclam so i dont know why this would matter, but i am running out of ideas. What is the total number of viruses it says for your database? Try this [EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/main.cvd Build time: 29 Feb 2004 18-19 +0100 Version: 21 # of signatures: 20094 Functionality level: 1 Builder: tkojm MD5: a20b254aa5f6b97dcafc115a63c8af4e Digital signature: rpzUhP4jcYOSj/tMnkU5zPs3GbJWsdmj2+7Z4BkUGOfN8pS0XnQ2qJY1TF/1P4jeadvBVNoCwJiI wamnGtBO8fTnLiMgMXSiy/L1odsalY0iCyRmxzYNqWUoG6Q3CMhEJ8M9c8idT7LBGYHwtKCBv0hH hIIrkqS2jh5V0XAxIwh Verification OK. [EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/daily.cvd Build time: 26 Mar 2004 10-20 +0100 Version: 217 # of signatures: 615 Functionality level: 1 Builder: diego MD5: 4c963cdbafb148be77556bf0cc9a Digital signature: QhYZD+fLArMzj4Eukpl7HCNZVgPw3aNNYyx860Mb2tj8CFXTHNZSM6L0k+pUtLKXa8wFbLjFPQCF fnmiE0GiB5zjzT/oyzeFpXhmNH3axBrhQZ/h/qkN/XZgDgX2Dl4g9tv75uzu/XbAtNcbWBl04TPE wkbu2Dq1aE5Ml0hlZfh Verification OK. see if the "# of signatures" matches what i have here. Jim --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
At 07:09 PM 3/25/04, you wrote: >On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote: >> At 05:24 PM 3/25/04, Tomasz Papszun wrote: >> >On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote: >> >> >> >> I'm updating from clamav.elektrapro.com and starting a short time ago it >> >> now wants >> >> to update viruses.db, but the checksum fails after the download. The >> >> mirror at ozforces >> >> does the same thing. >> >> >> >> This isn't the issue that started this thread, but it appears to be a >> >> good place >> >> to mention that something else is going wrong with the downloads also. >> > >> >You use old version of ClamAV. Please upgrade. >> >> So what versions are no longer supported? >> > >We still support old-format databases (you can check the list archives >for Tomasz Kojm's message about for how long in the future - I don't >remember this) but old versions (using old-format database) are, as a >whole, significantly worse than current versions. Having finally gotten a version with patches that only goes to sleep about once a week and locks up my production mail servers, I'm going to be real careful about upgrading to newer versions when the mailing list has one message after another about problems with them. >So unless you have some really, really important reasons to use old >version, you should upgrade. >If you can't and you still have some problems with updating database, >please write again with details. I just ran freshclam again and instead of downloading viruses.db and then giving me a checksum error it now claims: Connected to clamav.elektrapro.com. Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server ERROR: Can't get viruses.md5 sum from clamav.elektrapro.com Obviously somebodies figured out that the checksums were broken and is playing with the files. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote: > At 05:24 PM 3/25/04, Tomasz Papszun wrote: > >On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote: > >> > >> I'm updating from clamav.elektrapro.com and starting a short time ago it > >> now wants > >> to update viruses.db, but the checksum fails after the download. The > >> mirror at ozforces > >> does the same thing. > >> > >> This isn't the issue that started this thread, but it appears to be a > >> good place > >> to mention that something else is going wrong with the downloads also. > > > >You use old version of ClamAV. Please upgrade. > > So what versions are no longer supported? > We still support old-format databases (you can check the list archives for Tomasz Kojm's message about for how long in the future - I don't remember this) but old versions (using old-format database) are, as a whole, significantly worse than current versions. So unless you have some really, really important reasons to use old version, you should upgrade. If you can't and you still have some problems with updating database, please write again with details. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
At 05:24 PM 3/25/04, Tomasz Papszun wrote: >On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote: >> >> I'm updating from clamav.elektrapro.com and starting a short time ago it >> now wants >> to update viruses.db, but the checksum fails after the download. The >> mirror at ozforces >> does the same thing. >> >> This isn't the issue that started this thread, but it appears to be a >> good place >> to mention that something else is going wrong with the downloads also. > >You use old version of ClamAV. Please upgrade. So what versions are no longer supported? --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote: > > I'm updating from clamav.elektrapro.com and starting a short time ago it > now wants > to update viruses.db, but the checksum fails after the download. The > mirror at ozforces > does the same thing. > > This isn't the issue that started this thread, but it appears to be a > good place > to mention that something else is going wrong with the downloads also. You use old version of ClamAV. Please upgrade. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
At 02:56 PM 3/25/2004, you wrote: On Thursday 25 March 2004 10:36 pm, Mark Novak wrote: > > If running the same command on your server does not show the > > SomeFool.P then > > your definitions are NOT up to date. If freshclam insists on saying > > they > > are up to date, i would try deleting them totally and running freshclam > > again. Maybe that will clear up the problem. > > I did exactly that, deleted the cvd files and re-ran freshclam. I am > only showing through SomeFool.M, no O, P or P-dll. > > Any ideas or tips appreciated. Where are you collecting the signature updates from? 1. What is in your /usr/local/share/clamav/mirrors.txt file? 2. When you run freshclam, where does it say it's connecting to when it downloads the database files? I'm updating from clamav.elektrapro.com and starting a short time ago it now wants to update viruses.db, but the checksum fails after the download. The mirror at ozforces does the same thing. This isn't the issue that started this thread, but it appears to be a good place to mention that something else is going wrong with the downloads also. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
On Thu, 25 Mar 2004 at 18:19:02 -0500, Colin A. Bartlett wrote: > > Per Tomasz, I first checked the number of signatures reported by freshclam > and it was reporting the correct number. So Per Jim, I deleted both main.cvd > and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded > them again as expected. But grepping for SomeFool in the sig list still > didn't give me SomeFool.P. So I searched my system for the CVD files and > found a SECOND COPY of them in /usr/local/share/clamav. I checked my Oh, second copy. Problems due to this occur again and again on the list :-) . > /etc/clamav.conf file and it says, as I think it should: > > DatabaseDirectory /var/lib/clamav > > So for kicks, I copied the CVD files from /var/lib/clamav over top of the > ones in /usr/local/share/clamav. That worked! And now when I grep the sig > list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf > says to use /var/lib/clamav, and freshclam is downloading the files to > there, then why does clamscan use the files in /usr/local/share/clamav? Maybe you compiled ClamAV with this path? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
Colin A. Bartlett [EMAIL PROTECTED] wrote: > Jim Maul Sent: Thursday, March 25, 2004 4:28 PM > > > If freshclam insists on saying they > > are up to date, i would try deleting them totally and running freshclam > > again. Maybe that will clear up the problem. > > Per Tomasz, I first checked the number of signatures reported by freshclam > and it was reporting the correct number. So Per Jim, I deleted both main.cvd > and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded > them again as expected. But grepping for SomeFool in the sig list still > didn't give me SomeFool.P. So I searched my system for the CVD files and > found a SECOND COPY of them in /usr/local/share/clamav. I checked my > /etc/clamav.conf file and it says, as I think it should: > > DatabaseDirectory /var/lib/clamav > > So for kicks, I copied the CVD files from /var/lib/clamav over top of the > ones in /usr/local/share/clamav. That worked! And now when I grep the sig > list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf > says to use /var/lib/clamav, and freshclam is downloading the files to > there, then why does clamscan use the files in /usr/local/share/clamav? > > Thanks for your help and patience thus far! > > cheers, > Colin > > Colin A. Bartlett > Kinetic Web Solutions > www.kineticweb.biz > > > > --- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users Because you're not telling clamscan where to look for the CVD and it wants to look elsewhere by default? -- Adam Webb - Network Manager --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
Jim Maul Sent: Thursday, March 25, 2004 4:28 PM > If freshclam insists on saying they > are up to date, i would try deleting them totally and running freshclam > again. Maybe that will clear up the problem. Per Tomasz, I first checked the number of signatures reported by freshclam and it was reporting the correct number. So Per Jim, I deleted both main.cvd and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded them again as expected. But grepping for SomeFool in the sig list still didn't give me SomeFool.P. So I searched my system for the CVD files and found a SECOND COPY of them in /usr/local/share/clamav. I checked my /etc/clamav.conf file and it says, as I think it should: DatabaseDirectory /var/lib/clamav So for kicks, I copied the CVD files from /var/lib/clamav over top of the ones in /usr/local/share/clamav. That worked! And now when I grep the sig list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf says to use /var/lib/clamav, and freshclam is downloading the files to there, then why does clamscan use the files in /usr/local/share/clamav? Thanks for your help and patience thus far! cheers, Colin Colin A. Bartlett Kinetic Web Solutions www.kineticweb.biz --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
On Thursday 25 March 2004 10:36 pm, Mark Novak wrote: > > If running the same command on your server does not show the > > SomeFool.P then > > your definitions are NOT up to date. If freshclam insists on saying > > they > > are up to date, i would try deleting them totally and running freshclam > > again. Maybe that will clear up the problem. > > I did exactly that, deleted the cvd files and re-ran freshclam. I am > only showing through SomeFool.M, no O, P or P-dll. > > Any ideas or tips appreciated. Where are you collecting the signature updates from? 1. What is in your /usr/local/share/clamav/mirrors.txt file? 2. When you run freshclam, where does it say it's connecting to when it downloads the database files? Antony. -- Wanted: telepath. You know where to apply. Please reply to the list; please don't CC me. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
See below - On Mar 25, 2004, at 3:28 PM, Jim Maul wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Colin A. Bartlett Sent: Thursday, March 25, 2004 2:47 PM To: [EMAIL PROTECTED] Subject: RE: [Clamav-users] clam not fresh Another poster pointed to testvirus.org for testing. I think you'll find some methods of delivery more effective than others and that clamav will miss some of these. They're not being detected by clam even when running them right through clamscan on the command prompt. I think it's because SomeFool.P isn't in my sig list even though freshclam says I'm up to date. My server shows the following: [EMAIL PROTECTED] bin]# sigtool -l |grep -i somefool Worm.SomeFool Worm.SomeFool.B Worm.SomeFool.B.2 Worm.SomeFool.D Worm.SomeFool.E Worm.SomeFool.F Worm.SomeFool.Gen-1 Worm.SomeFool.Gen-2 Worm.SomeFool.Gen-unp Worm.SomeFool.I Worm.SomeFool.K Worm.SomeFool.L Worm.SomeFool.M Worm.SomeFool.O Worm.SomeFool.P Worm.SomeFool.P-dll If running the same command on your server does not show the SomeFool.P then your definitions are NOT up to date. If freshclam insists on saying they are up to date, i would try deleting them totally and running freshclam again. Maybe that will clear up the problem. And don't eat bad clams. I had a bad oyster the other day but never a bad clam. I stay away from seafood altogether... Jim I did exactly that, deleted the cvd files and re-ran freshclam. I am only showing through SomeFool.M, no O, P or P-dll. Any ideas or tips appreciated. Thanks, Mark --- [This E-mail scanned for viruses by Declude Virus] --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Colin A. > Bartlett > Sent: Thursday, March 25, 2004 2:47 PM > To: [EMAIL PROTECTED] > Subject: RE: [Clamav-users] clam not fresh > > > > Another poster pointed to testvirus.org for testing. I think you'll > > find some methods of delivery more effective than others and that > > clamav will miss some of these. > > They're not being detected by clam even when running them right through > clamscan on the command prompt. I think it's because SomeFool.P > isn't in my > sig list even though freshclam says I'm up to date. > My server shows the following: [EMAIL PROTECTED] bin]# sigtool -l |grep -i somefool Worm.SomeFool Worm.SomeFool.B Worm.SomeFool.B.2 Worm.SomeFool.D Worm.SomeFool.E Worm.SomeFool.F Worm.SomeFool.Gen-1 Worm.SomeFool.Gen-2 Worm.SomeFool.Gen-unp Worm.SomeFool.I Worm.SomeFool.K Worm.SomeFool.L Worm.SomeFool.M Worm.SomeFool.O Worm.SomeFool.P Worm.SomeFool.P-dll If running the same command on your server does not show the SomeFool.P then your definitions are NOT up to date. If freshclam insists on saying they are up to date, i would try deleting them totally and running freshclam again. Maybe that will clear up the problem. > > And don't eat bad clams. > > I had a bad oyster the other day but never a bad clam. I stay away from seafood altogether... Jim --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
Colin A. Bartlett said: >> Another poster pointed to testvirus.org for testing. I think >> you'll >> find some methods of delivery more effective than others and that >> clamav will miss some of these. > > They're not being detected by clam even when running them right > through > clamscan on the command prompt. I think it's because SomeFool.P > isn't in my > sig list even though freshclam says I'm up to date. > Well, it works for me. sigtool -i main.cvd reports: Build time: 29 Feb 2004 18-19 +0100 Version: 21 # of signatures: 20094 Functionality level: 1 Builder: tkojm MD5: a20b254aa5f6b97dcafc115a63c8af4e Digital signature: rpzUhP4jcYOSj/tMnkU5zPs3GbJWsdmj2+7Z4BkUGOfN8pS0XnQ2qJY1TF/1P4jeadvBVNoCwJiIwamnGtBO8fTnLiMgMXSiy/L1odsalY0iCyRmxzYNqWUoG6Q3CMhEJ8M9c8idT7LBGYHwtKCBv0hHhIIrkqS2jh5V0XAxIwh Digital signature support not compiled in. Verification OK. sigtool -i daily.cvd reports: Build time: 25 Mar 2004 15-10 +0100 Version: 215 # of signatures: 608 Functionality level: 1 Builder: diego MD5: ea131331b9006fe9139c0527b8a3ace2 Digital signature: jL35pyOXWpm+SrPz1SBpDgVHT72RCDcteU8JqM5C6wIcGR9dOXYBwcacE5ARzEKwtw4ElwCoSwFLVF8mfw8wVVtuN1Ll+EmAJXWf8nDPu69mv4xKE5Y1DNMAQYgZlvuXwQMEzNRjuyvAIyc5aR9d0aD0v8UrpYzNiHj49vDbOne Digital signature support not compiled in. Verification OK. And the log says: /var/spool/qmailscan/tmp/dinky.tclme.org10802154054707319/readme.pif: Worm.SomeFool.P FOUND -- Bob Greene --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clam not fresh
> Another poster pointed to testvirus.org for testing. I think you'll > find some methods of delivery more effective than others and that > clamav will miss some of these. They're not being detected by clam even when running them right through clamscan on the command prompt. I think it's because SomeFool.P isn't in my sig list even though freshclam says I'm up to date. > And don't eat bad clams. I had a bad oyster the other day but never a bad clam. cheers, Colin Colin A. Bartlett Kinetic Web Solutions www.kineticweb.biz --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
On Thu, 25 Mar 2004 at 9:52:26 -0500, Colin A. Bartlett wrote: > > I've upgraded my ClamAV and I'm no longer getting errors on freshclam. > However it doesn't seem to be updated. I noticed some viruses slipping > through and ran them through the online scanner. Some were identified as > SomeFool.P. I grepped my sigtool -l list for SomeFool and .P isn't listed. > But freshclam says main.cvd and daily.cvd are up to date. > What is the end of your freshclam log? Should be similar to this (I mean numbers of sigs): ClamAV update process started at Thu Mar 25 18:52:31 2004 main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm) daily.cvd updated (version: 215, sigs: 608, f-level: 1, builder: diego) Database updated (20702 signatures) from database.clamav.net (209.94.36.5). If not, we'll try to search for the reason. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clam not fresh
Colin A. Bartlett said: > Hello All > > I've upgraded my ClamAV and I'm no longer getting errors on > freshclam. > However it doesn't seem to be updated. I noticed some viruses > slipping > through and ran them through the online scanner. Some were > identified as > SomeFool.P. I grepped my sigtool -l list for SomeFool and .P isn't > listed. > But freshclam says main.cvd and daily.cvd are up to date. > > Any ideas? Thanks as always. > Another poster pointed to testvirus.org for testing. I think you'll find some methods of delivery more effective than others and that clamav will miss some of these. And don't eat bad clams. -- Bob Greene --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users