Re: [Clamav-users] clam not fresh

2004-03-27 Thread [EMAIL PROTECTED]
Kevin T. said:
> On Fri, 26 Mar 2004, Tomasz Papszun wrote:
>
>> On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
>> >
>> >   I'm updating from clamav.elektrapro.com and starting a short
>> time ago it
>> > now wants
>> > to update viruses.db, but the checksum fails after the download.
>>  The
>> > mirror at ozforces
>> > does the same thing.
>> >
>> >   This isn't the issue that started this thread, but it appears
>> to be a
>> > good place
>> > to mention that something else is going wrong with the downloads
>> also.
>>
>> You use old version of ClamAV. Please upgrade.
>>
> Actually, I'm running ClamAV version 0.70-rc and getting the same
> message.
> Anyone else having this issue?
>

Not me.  0.70-rc seems pretty stable here.

-- 

Bob Greene


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-27 Thread Kevin T.
Actually, I'm running ClamAV version 0.70-rc and getting the same message.  
Anyone else having this issue?

On Fri, 26 Mar 2004, Tomasz Papszun wrote:

> On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
> > 
> >   I'm updating from clamav.elektrapro.com and starting a short time ago it 
> > now wants
> > to update viruses.db, but the checksum fails after the download.  The 
> > mirror at ozforces
> > does the same thing.
> > 
> >   This isn't the issue that started this thread, but it appears to be a 
> > good place
> > to mention that something else is going wrong with the downloads also.
> 
> You use old version of ClamAV. Please upgrade.
> 
> -- 
>  Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
>  [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
>  [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner
> 
> 
> ---
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
> 


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-26 Thread Brian W. Antoine
At 01:11 PM 3/26/2004, you wrote:
On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote:
>
>   I just ran freshclam again and instead of downloading viruses.db and
> then giving me a checksum error it now claims:
>
> Connected to clamav.elektrapro.com.
> Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server
> ERROR: Can't get viruses.md5 sum from clamav.elektrapro.com
>
>   Obviously somebodies figured out that the checksums were broken and
> is playing with the files.
I don't want your problem see ignored, so - though I don't know if
somebody was plaing with the files or not - I'd like just to be sure
that now it's OK. Is it?
  Yes, sometime since I wrote my reply last night the problem was
corrected and I can once again do a freshclam from elektrapro and
get a good reply.


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-26 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 21:42:57 -0800, Brian W. Antoine wrote:
> 
>   I just ran freshclam again and instead of downloading viruses.db and
> then giving me a checksum error it now claims:
> 
> Connected to clamav.elektrapro.com.
> Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server
> ERROR: Can't get viruses.md5 sum from clamav.elektrapro.com
> 
>   Obviously somebodies figured out that the checksums were broken and
> is playing with the files.

I don't want your problem see ignored, so - though I don't know if
somebody was plaing with the files or not - I'd like just to be sure
that now it's OK. Is it?

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-26 Thread Tomasz Kojm
On Fri, 26 Mar 2004 15:27:23 -
"Randal, Phil" <[EMAIL PROTECTED]> wrote:

> I think it is time for you to erase ALL of your clamAV
> files, wherever you have them scattered, and reinstall
> and reconfigure, so you only have one set of .conf files
> and one set of .cvd files, and then reboot.

Reboot ? ClamAV doesn't load any vxd's ;-)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Mar 26 17:37:05 CET 2004


pgp0.pgp
Description: PGP signature


Re: [Clamav-users] clam not fresh

2004-03-26 Thread Steven Stern
On Fri, 26 Mar 2004 09:14:08 -0600, Mark Novak <[EMAIL PROTECTED]> wrote:


>> Jim
>>
>My number of signatures is exactly the same as yours.  When I grep for  
>somefool, I stop at M.
>
>I do still have the old style signatures located in /usr/share/clamav  
>from clam-0.65.  Tomasz mentioned in an earlier post that this could be  
>the problem.  I am wondering if I should change the freshclam.conf  
>database line from /var/lib/clamav to /usr/share/clamav?
>
>It seems to me that I am updated, as I have the same number of  
>signatures as you do, but when I grep it for somefool, maybe it is  
>going to the old set in the other directory?
>
>What do you think?
>
>Thanks,
>
>Mark
>


H..

Looking at my system with 0.70RC-1 installed, I find

[$ ls -l /var/lib/clamav
total 992
-rw-r--r--  1 clamav clamav  59601 Mar 26 04:17 daily.cvd
-rw-r--r--  1 clamav clamav 944351 Mar 16 13:48 main.cvd
$ locate daily.cvd
/var/lib/clamav/daily.cvd
/usr/local/share/clamav/daily.cvd
$ ls -l /usr/local/share/clamav/
total 976
-rw-r--r--  1 clamav clamav  47654 Mar 19 12:47 daily.cvd
-rw-rw-r--  1 clamav clamav 944351 Mar 19 12:34 main.cvd

So, The updates are going into /var/lib

clamav.conf says

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
#DatabaseDirectory /var/lib/clamav

So, just to be safe, I'm going to uncomment the DatabaseDirectory line, delete
/usr/local/share/clamav/*.cvd, and restart everything.



OK it may have been an artifact of the initial installation, but after
chaning clamav.conf,  stopping sendmail, clamav-milter, and clamd, deleting
/usr/local/share/clamav, then restarting the 3 services and running
freschclam, it appears everyone is looking at /var/lib/clamav.
--
   Steve
   


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh [Solved]

2004-03-26 Thread Mark Novak
All,


I think it is time for you to erase ALL of your clamAV
files, wherever you have them scattered, and reinstall
and reconfigure, so you only have one set of .conf files
and one set of .cvd files, and then reboot.
At least then you'll know where to look and/or get
meaningful error messages.
I solved the problem by changing the DatabaseDirectory to 
/usr/local/share/clamav instead of /var/lib/clamav.  I then ran 
freshclam and it updated correctly and shows the correct number of 
somefool signatures.  Last, I deleted the /var/lib/clamav directory 
that I should never have created.

Thanks for everyone's help!

Thanks,

Mark Novak

---
[This E-mail scanned for viruses by Declude Virus]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-26 Thread Colin A. Bartlett
Mark Novak Sent: Friday, March 26, 2004 10:14 AM

> It seems to me that I am updated, as I have the same number of
> signatures as you do, but when I grep it for somefool, maybe it is
> going to the old set in the other directory?

This, apparently, is my problem. Read my post from yesterday about how I
copied my CVDs from one folder on top of the ones in another folder. Try
that and then maybe it will work. I still havn't figured out my problem
though since I apparently need to change the path in clamav before
compiling. I barely know what compiling is.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-26 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Friday, March 26, 2004 10:14 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] clam not fresh
>
> My number of signatures is exactly the same as yours.  When I grep for
> somefool, I stop at M.
>
> I do still have the old style signatures located in /usr/share/clamav
> from clam-0.65.  Tomasz mentioned in an earlier post that this could be
> the problem.  I am wondering if I should change the freshclam.conf
> database line from /var/lib/clamav to /usr/share/clamav?
>
> It seems to me that I am updated, as I have the same number of
> signatures as you do, but when I grep it for somefool, maybe it is
> going to the old set in the other directory?
>
> What do you think?


I would remove the copy in /usr/share/clamav.  If you are using clamscan,
then having /var/lib/clamav as the database directory in /etc/clamav.conf
doesnt make any difference because clamscan does not listen to this config
file.  /etc/clamav.conf is for clamDscan only.  You can specify the database
path on the command line with clamscan using --database=FILE/DIR.  However i
would just remove the /usr/share copy of the database to prevent future
confusion.

Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-26 Thread Randal, Phil
> I do still have the old style signatures located in 
> /usr/share/clamav from clam-0.65.  Tomasz mentioned
> in an earlier post that this could be the problem.
> I am wondering if I should change the freshclam.conf  
> database line from /var/lib/clamav to /usr/share/clamav?
> 
> It seems to me that I am updated, as I have the same
> number of signatures as you do, but when I grep it
> for somefool, maybe it is going to the old set in
> the other directory?
> 
> What do you think?

I think it is time for you to erase ALL of your clamAV
files, wherever you have them scattered, and reinstall
and reconfigure, so you only have one set of .conf files
and one set of .cvd files, and then reboot.

At least then you'll know where to look and/or get
meaningful error messages.

Cheers,

Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-26 Thread Mark Novak
Jim,

On Mar 26, 2004, at 8:43 AM, Jim Maul wrote:



I did exactly that, deleted the cvd files and re-ran freshclam.  I am
only showing through SomeFool.M, no O, P or P-dll.
Any ideas or tips appreciated.

Thanks,

Mark


Well, being that this makes no sense, the only thing i can suggest is  
to try
another mirror.  If you are not specifying one explicitly then you  
should
get a different one almost every time you run freshclam so i dont know  
why
this would matter, but i am running out of ideas.  What is the total  
number
of viruses it says for your database?

Try this

[EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/main.cvd
Build time: 29 Feb 2004 18-19 +0100
Version: 21
# of signatures: 20094
Functionality level: 1
Builder: tkojm
MD5: a20b254aa5f6b97dcafc115a63c8af4e
Digital signature:
rpzUhP4jcYOSj/tMnkU5zPs3GbJWsdmj2+7Z4BkUGOfN8pS0XnQ2qJY1TF/ 
1P4jeadvBVNoCwJiI
wamnGtBO8fTnLiMgMXSiy/ 
L1odsalY0iCyRmxzYNqWUoG6Q3CMhEJ8M9c8idT7LBGYHwtKCBv0hH
hIIrkqS2jh5V0XAxIwh
Verification OK.

[EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/daily.cvd
Build time: 26 Mar 2004 10-20 +0100
Version: 217
# of signatures: 615
Functionality level: 1
Builder: diego
MD5: 4c963cdbafb148be77556bf0cc9a
Digital signature:
QhYZD+fLArMzj4Eukpl7HCNZVgPw3aNNYyx860Mb2tj8CFXTHNZSM6L0k+pUtLKXa8wFbLj 
FPQCF
fnmiE0GiB5zjzT/oyzeFpXhmNH3axBrhQZ/h/qkN/XZgDgX2Dl4g9tv75uzu/ 
XbAtNcbWBl04TPE
wkbu2Dq1aE5Ml0hlZfh
Verification OK.

see if the "# of signatures" matches what i have here.

Jim

My number of signatures is exactly the same as yours.  When I grep for  
somefool, I stop at M.

I do still have the old style signatures located in /usr/share/clamav  
from clam-0.65.  Tomasz mentioned in an earlier post that this could be  
the problem.  I am wondering if I should change the freshclam.conf  
database line from /var/lib/clamav to /usr/share/clamav?

It seems to me that I am updated, as I have the same number of  
signatures as you do, but when I grep it for somefool, maybe it is  
going to the old set in the other directory?

What do you think?

Thanks,

Mark

---
[This E-mail scanned for viruses by Declude Virus]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-26 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Thursday, March 25, 2004 5:37 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] clam not fresh
>



>
> I did exactly that, deleted the cvd files and re-ran freshclam.  I am
> only showing through SomeFool.M, no O, P or P-dll.
>
> Any ideas or tips appreciated.
>
> Thanks,
>
> Mark


Well, being that this makes no sense, the only thing i can suggest is to try
another mirror.  If you are not specifying one explicitly then you should
get a different one almost every time you run freshclam so i dont know why
this would matter, but i am running out of ideas.  What is the total number
of viruses it says for your database?

Try this

[EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/main.cvd
Build time: 29 Feb 2004 18-19 +0100
Version: 21
# of signatures: 20094
Functionality level: 1
Builder: tkojm
MD5: a20b254aa5f6b97dcafc115a63c8af4e
Digital signature:
rpzUhP4jcYOSj/tMnkU5zPs3GbJWsdmj2+7Z4BkUGOfN8pS0XnQ2qJY1TF/1P4jeadvBVNoCwJiI
wamnGtBO8fTnLiMgMXSiy/L1odsalY0iCyRmxzYNqWUoG6Q3CMhEJ8M9c8idT7LBGYHwtKCBv0hH
hIIrkqS2jh5V0XAxIwh
Verification OK.

[EMAIL PROTECTED] jmaul]# sigtool -i /var/lib/clamav/daily.cvd
Build time: 26 Mar 2004 10-20 +0100
Version: 217
# of signatures: 615
Functionality level: 1
Builder: diego
MD5: 4c963cdbafb148be77556bf0cc9a
Digital signature:
QhYZD+fLArMzj4Eukpl7HCNZVgPw3aNNYyx860Mb2tj8CFXTHNZSM6L0k+pUtLKXa8wFbLjFPQCF
fnmiE0GiB5zjzT/oyzeFpXhmNH3axBrhQZ/h/qkN/XZgDgX2Dl4g9tv75uzu/XbAtNcbWBl04TPE
wkbu2Dq1aE5Ml0hlZfh
Verification OK.

see if the "# of signatures" matches what i have here.

Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Brian W. Antoine
At 07:09 PM 3/25/04, you wrote:
>On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote:
>> At 05:24 PM 3/25/04, Tomasz Papszun wrote:
>> >On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
>> >> 
>> >>   I'm updating from clamav.elektrapro.com and starting a short time ago it 
>> >> now wants
>> >> to update viruses.db, but the checksum fails after the download.  The 
>> >> mirror at ozforces
>> >> does the same thing.
>> >> 
>> >>   This isn't the issue that started this thread, but it appears to be a 
>> >> good place
>> >> to mention that something else is going wrong with the downloads also.
>> >
>> >You use old version of ClamAV. Please upgrade.
>> 
>>   So what versions are no longer supported?
>> 
>
>We still support old-format databases (you can check the list archives
>for Tomasz Kojm's message about for how long in the future - I don't
>remember this) but old versions (using old-format database) are, as a
>whole, significantly worse than current versions.

  Having finally gotten a version with patches that only goes to sleep
about once a week and locks up my production mail servers, I'm going to
be real careful about upgrading to newer versions when the mailing list
has one message after another about problems with them.

>So unless you have some really, really important reasons to use old
>version, you should upgrade.
>If you can't and you still have some problems with updating database,
>please write again with details.

  I just ran freshclam again and instead of downloading viruses.db and
then giving me a checksum error it now claims:

Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server
ERROR: Can't get viruses.md5 sum from clamav.elektrapro.com

  Obviously somebodies figured out that the checksums were broken and
is playing with the files.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote:
> At 05:24 PM 3/25/04, Tomasz Papszun wrote:
> >On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
> >> 
> >>   I'm updating from clamav.elektrapro.com and starting a short time ago it 
> >> now wants
> >> to update viruses.db, but the checksum fails after the download.  The 
> >> mirror at ozforces
> >> does the same thing.
> >> 
> >>   This isn't the issue that started this thread, but it appears to be a 
> >> good place
> >> to mention that something else is going wrong with the downloads also.
> >
> >You use old version of ClamAV. Please upgrade.
> 
>   So what versions are no longer supported?
> 

We still support old-format databases (you can check the list archives
for Tomasz Kojm's message about for how long in the future - I don't
remember this) but old versions (using old-format database) are, as a
whole, significantly worse than current versions.

So unless you have some really, really important reasons to use old
version, you should upgrade.
If you can't and you still have some problems with updating database,
please write again with details.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Brian W. Antoine
At 05:24 PM 3/25/04, Tomasz Papszun wrote:
>On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
>> 
>>   I'm updating from clamav.elektrapro.com and starting a short time ago it 
>> now wants
>> to update viruses.db, but the checksum fails after the download.  The 
>> mirror at ozforces
>> does the same thing.
>> 
>>   This isn't the issue that started this thread, but it appears to be a 
>> good place
>> to mention that something else is going wrong with the downloads also.
>
>You use old version of ClamAV. Please upgrade.

  So what versions are no longer supported?



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
> 
>   I'm updating from clamav.elektrapro.com and starting a short time ago it 
> now wants
> to update viruses.db, but the checksum fails after the download.  The 
> mirror at ozforces
> does the same thing.
> 
>   This isn't the issue that started this thread, but it appears to be a 
> good place
> to mention that something else is going wrong with the downloads also.

You use old version of ClamAV. Please upgrade.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Brian W. Antoine
At 02:56 PM 3/25/2004, you wrote:
On Thursday 25 March 2004 10:36 pm, Mark Novak wrote:

> > If running the same command on your server does not show the
> > SomeFool.P then
> > your definitions are NOT up to date.  If freshclam insists on saying
> > they
> > are up to date, i would try deleting them totally and running freshclam
> > again.  Maybe that will clear up the problem.
>
> I did exactly that, deleted the cvd files and re-ran freshclam.  I am
> only showing through SomeFool.M, no O, P or P-dll.
>
> Any ideas or tips appreciated.
Where are you collecting the signature updates from?

1. What is in your /usr/local/share/clamav/mirrors.txt file?
2. When you run freshclam, where does it say it's connecting to when it
downloads the database files?
  I'm updating from clamav.elektrapro.com and starting a short time ago it 
now wants
to update viruses.db, but the checksum fails after the download.  The 
mirror at ozforces
does the same thing.

  This isn't the issue that started this thread, but it appears to be a 
good place
to mention that something else is going wrong with the downloads also.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 18:19:02 -0500, Colin A. Bartlett wrote:
> 
> Per Tomasz, I first checked the number of signatures reported by freshclam
> and it was reporting the correct number. So Per Jim, I deleted both main.cvd
> and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded
> them again as expected. But grepping for SomeFool in the sig list still
> didn't give me SomeFool.P. So I searched my system for the CVD files and
> found a SECOND COPY of them in /usr/local/share/clamav. I checked my

Oh, second copy. Problems due to this occur again and again on the list
:-) .

> /etc/clamav.conf file and it says, as I think it should:
> 
> DatabaseDirectory /var/lib/clamav
> 
> So for kicks, I copied the CVD files from /var/lib/clamav over top of the
> ones in /usr/local/share/clamav. That worked! And now when I grep the sig
> list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf
> says to use /var/lib/clamav, and freshclam is downloading the files to
> there, then why does clamscan use the files in /usr/local/share/clamav?

Maybe you compiled ClamAV with this path?

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Adam Webb - Network Manager
Colin A. Bartlett [EMAIL PROTECTED] wrote:
> Jim Maul Sent: Thursday, March 25, 2004 4:28 PM
> 
> > If freshclam insists on saying they
> > are up to date, i would try deleting them totally and running freshclam
> > again.  Maybe that will clear up the problem.
> 
> Per Tomasz, I first checked the number of signatures reported by freshclam
> and it was reporting the correct number. So Per Jim, I deleted both main.cvd
> and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded
> them again as expected. But grepping for SomeFool in the sig list still
> didn't give me SomeFool.P. So I searched my system for the CVD files and
> found a SECOND COPY of them in /usr/local/share/clamav. I checked my
> /etc/clamav.conf file and it says, as I think it should:
> 
> DatabaseDirectory /var/lib/clamav
> 
> So for kicks, I copied the CVD files from /var/lib/clamav over top of the
> ones in /usr/local/share/clamav. That worked! And now when I grep the sig
> list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf
> says to use /var/lib/clamav, and freshclam is downloading the files to
> there, then why does clamscan use the files in /usr/local/share/clamav?
> 
> Thanks for your help and patience thus far!
> 
> cheers,
> Colin
> 
> Colin A. Bartlett
> Kinetic Web Solutions
> www.kineticweb.biz
> 
> 
> 
> ---
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users

Because you're not telling clamscan where to look for the CVD and it
wants to look elsewhere by default?
-- 
Adam Webb - Network Manager


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-25 Thread Colin A. Bartlett
Jim Maul Sent: Thursday, March 25, 2004 4:28 PM

> If freshclam insists on saying they
> are up to date, i would try deleting them totally and running freshclam
> again.  Maybe that will clear up the problem.

Per Tomasz, I first checked the number of signatures reported by freshclam
and it was reporting the correct number. So Per Jim, I deleted both main.cvd
and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded
them again as expected. But grepping for SomeFool in the sig list still
didn't give me SomeFool.P. So I searched my system for the CVD files and
found a SECOND COPY of them in /usr/local/share/clamav. I checked my
/etc/clamav.conf file and it says, as I think it should:

DatabaseDirectory /var/lib/clamav

So for kicks, I copied the CVD files from /var/lib/clamav over top of the
ones in /usr/local/share/clamav. That worked! And now when I grep the sig
list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf
says to use /var/lib/clamav, and freshclam is downloading the files to
there, then why does clamscan use the files in /usr/local/share/clamav?

Thanks for your help and patience thus far!

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Antony Stone
On Thursday 25 March 2004 10:36 pm, Mark Novak wrote:

> > If running the same command on your server does not show the
> > SomeFool.P then
> > your definitions are NOT up to date.  If freshclam insists on saying
> > they
> > are up to date, i would try deleting them totally and running freshclam
> > again.  Maybe that will clear up the problem.
>
> I did exactly that, deleted the cvd files and re-ran freshclam.  I am
> only showing through SomeFool.M, no O, P or P-dll.
>
> Any ideas or tips appreciated.

Where are you collecting the signature updates from?

1. What is in your /usr/local/share/clamav/mirrors.txt file?
2. When you run freshclam, where does it say it's connecting to when it 
downloads the database files?

Antony.

-- 
Wanted: telepath.   You know where to apply.

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Mark Novak
See below -
On Mar 25, 2004, at 3:28 PM, Jim Maul wrote:


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Colin A.
Bartlett
Sent: Thursday, March 25, 2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [Clamav-users] clam not fresh

Another poster pointed to testvirus.org for testing.  I think you'll
find some methods of delivery more effective than others and that
clamav will miss some of these.
They're not being detected by clam even when running them right 
through
clamscan on the command prompt. I think it's because SomeFool.P
isn't in my
sig list even though freshclam says I'm up to date.

My server shows the following:

[EMAIL PROTECTED] bin]# sigtool -l |grep -i somefool
Worm.SomeFool
Worm.SomeFool.B
Worm.SomeFool.B.2
Worm.SomeFool.D
Worm.SomeFool.E
Worm.SomeFool.F
Worm.SomeFool.Gen-1
Worm.SomeFool.Gen-2
Worm.SomeFool.Gen-unp
Worm.SomeFool.I
Worm.SomeFool.K
Worm.SomeFool.L
Worm.SomeFool.M
Worm.SomeFool.O
Worm.SomeFool.P
Worm.SomeFool.P-dll
If running the same command on your server does not show the 
SomeFool.P then
your definitions are NOT up to date.  If freshclam insists on saying 
they
are up to date, i would try deleting them totally and running freshclam
again.  Maybe that will clear up the problem.

And don't eat bad clams.
I had a bad oyster the other day but never a bad clam.
I stay away from seafood altogether...

Jim

I did exactly that, deleted the cvd files and re-ran freshclam.  I am 
only showing through SomeFool.M, no O, P or P-dll.

Any ideas or tips appreciated.

Thanks,

Mark

---
[This E-mail scanned for viruses by Declude Virus]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-25 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Colin A.
> Bartlett
> Sent: Thursday, March 25, 2004 2:47 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] clam not fresh
>
>
> > Another poster pointed to testvirus.org for testing.  I think you'll
> > find some methods of delivery more effective than others and that
> > clamav will miss some of these.
>
> They're not being detected by clam even when running them right through
> clamscan on the command prompt. I think it's because SomeFool.P
> isn't in my
> sig list even though freshclam says I'm up to date.
>

My server shows the following:

[EMAIL PROTECTED] bin]# sigtool -l |grep -i somefool
Worm.SomeFool
Worm.SomeFool.B
Worm.SomeFool.B.2
Worm.SomeFool.D
Worm.SomeFool.E
Worm.SomeFool.F
Worm.SomeFool.Gen-1
Worm.SomeFool.Gen-2
Worm.SomeFool.Gen-unp
Worm.SomeFool.I
Worm.SomeFool.K
Worm.SomeFool.L
Worm.SomeFool.M
Worm.SomeFool.O
Worm.SomeFool.P
Worm.SomeFool.P-dll

If running the same command on your server does not show the SomeFool.P then
your definitions are NOT up to date.  If freshclam insists on saying they
are up to date, i would try deleting them totally and running freshclam
again.  Maybe that will clear up the problem.

> > And don't eat bad clams.
>
> I had a bad oyster the other day but never a bad clam.

I stay away from seafood altogether...

Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-25 Thread [EMAIL PROTECTED]
Colin A. Bartlett said:
>> Another poster pointed to testvirus.org for testing.  I think
>> you'll
>> find some methods of delivery more effective than others and that
>> clamav will miss some of these.
>
> They're not being detected by clam even when running them right
> through
> clamscan on the command prompt. I think it's because SomeFool.P
> isn't in my
> sig list even though freshclam says I'm up to date.
>

Well, it works for me.

sigtool -i main.cvd reports:

Build time: 29 Feb 2004 18-19 +0100
Version: 21
# of signatures: 20094
Functionality level: 1
Builder: tkojm
MD5: a20b254aa5f6b97dcafc115a63c8af4e
Digital signature:
rpzUhP4jcYOSj/tMnkU5zPs3GbJWsdmj2+7Z4BkUGOfN8pS0XnQ2qJY1TF/1P4jeadvBVNoCwJiIwamnGtBO8fTnLiMgMXSiy/L1odsalY0iCyRmxzYNqWUoG6Q3CMhEJ8M9c8idT7LBGYHwtKCBv0hHhIIrkqS2jh5V0XAxIwh
Digital signature support not compiled in.
Verification OK.

sigtool -i daily.cvd reports:

Build time: 25 Mar 2004 15-10 +0100
Version: 215
# of signatures: 608
Functionality level: 1
Builder: diego
MD5: ea131331b9006fe9139c0527b8a3ace2
Digital signature:
jL35pyOXWpm+SrPz1SBpDgVHT72RCDcteU8JqM5C6wIcGR9dOXYBwcacE5ARzEKwtw4ElwCoSwFLVF8mfw8wVVtuN1Ll+EmAJXWf8nDPu69mv4xKE5Y1DNMAQYgZlvuXwQMEzNRjuyvAIyc5aR9d0aD0v8UrpYzNiHj49vDbOne
Digital signature support not compiled in.
Verification OK.

And the log says:

/var/spool/qmailscan/tmp/dinky.tclme.org10802154054707319/readme.pif:
Worm.SomeFool.P FOUND

-- 

Bob Greene


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] clam not fresh

2004-03-25 Thread Colin A. Bartlett
> Another poster pointed to testvirus.org for testing.  I think you'll
> find some methods of delivery more effective than others and that
> clamav will miss some of these.

They're not being detected by clam even when running them right through
clamscan on the command prompt. I think it's because SomeFool.P isn't in my
sig list even though freshclam says I'm up to date.

> And don't eat bad clams.

I had a bad oyster the other day but never a bad clam.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at  9:52:26 -0500, Colin A. Bartlett wrote:
> 
> I've upgraded my ClamAV and I'm no longer getting errors on freshclam.
> However it doesn't seem to be updated. I noticed some viruses slipping
> through and ran them through the online scanner. Some were identified as
> SomeFool.P. I grepped my sigtool -l  list for SomeFool and .P isn't listed.
> But freshclam says main.cvd and daily.cvd are up to date.
> 

What is the end of your freshclam log? Should be similar to this (I mean
numbers of sigs):

ClamAV update process started at Thu Mar 25 18:52:31 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd updated (version: 215, sigs: 608, f-level: 1, builder: diego)
Database updated (20702 signatures) from database.clamav.net (209.94.36.5).

If not, we'll try to search for the reason.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clam not fresh

2004-03-25 Thread [EMAIL PROTECTED]
Colin A. Bartlett said:
> Hello All
>
> I've upgraded my ClamAV and I'm no longer getting errors on
> freshclam.
> However it doesn't seem to be updated. I noticed some viruses
> slipping
> through and ran them through the online scanner. Some were
> identified as
> SomeFool.P. I grepped my sigtool -l  list for SomeFool and .P isn't
> listed.
> But freshclam says main.cvd and daily.cvd are up to date.
>
> Any ideas? Thanks as always.
>

Another poster pointed to testvirus.org for testing.  I think you'll
find some methods of delivery more effective than others and that
clamav will miss some of these.

And don't eat bad clams.

-- 

Bob Greene


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users