Re: [Clamav-users] clamav on debian stable

2004-09-21 Thread Thomas Lamy
agenteo wrote:
> this is the log I get:
> /home/teottie/.viminfo: Unable to open file or directory ERROR
> /home/teottie/mbox: Unable to open file or directory ERROR
> /home/teottie/.bash_history: Unable to open file or directory ERROR
> /home/teottie/clamav-testfiles/test-failure.rar: RAR module failure ERROR
> /home/teottie/clamav-testfiles/test: ClamAV-Test-Signature FOUND
> /home/teottie/clamav-testfiles/test-zip-noext: ClamAV-Test-Signature FOUND
> /home/teottie/clamav-testfiles/test.bz2: ClamAV-Test-Signature FOUND
> /home/teottie/clamav-testfiles/test.msc: ClamAV-Test-Signature FOUND
> /home/teottie/clamav-testfiles/test.rar: ClamAV-Test-Signature FOUND
> /home/teottie/clamav-testfiles/test.zip: ClamAV-Test-Signature FOUND
> /home/carinic/.bash_history: Unable to open file or directory ERROR
>
> I didn't understand why it gives an error while trying to open those dotted
> files, I was logged in as teottie while the scan was working. But carinic
> was not connected!
> Thanks in advance,
> Enrico

It seems you may want to run clamscan instead of the daemon.
The difference is: clamd runs as user clamav by default (on Debian).
clamd and its client program, clamdscan, were made for email scanning,
where there are many (even concurrent) invocations in a short time. Here
the daemon keeps the malware database in memory all the time. It also
scans with the privileges of the daemon process, not the one who invoked
clamdscan.
You can change the daemon's user id by running "dpkg-reconfigure
clamav-daemon", and instruct it to run as root. You can also edit
/etc/clamav/clamav.conf (clamd.conf in 0.80 or newer); look for the
"User" directive.

clamscan (note the missing "d") on the other hand, loads the malware
database each time it starts, but runs with the privileges of the
invoking user. This way it is better suited for scanning whole file
shares (e.g. once a day).

Hope this helped you,
  Thomas

---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
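
The reply above says clamd opens files with the daemon account's privileges, not the caller's; that can be checked per path. This is an added example, not part of the original thread: it walks a path's components and applies the classic owner/group/other mode bits for a given account. `ids_for`, `mode_allows` and `first_denial` are hypothetical helper names, and ACLs and capabilities other than root's are ignored.

```python
import os
import pwd
import sys

READ, SEARCH = 4, 1  # permission bits within one rwx triplet


def ids_for(user):
    """Return (uid, set of gids) for an account such as the clamd user."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))


def mode_allows(st, uid, gids, want):
    """Classic Unix check: exactly one of owner/group/other applies."""
    if uid == 0:
        return True  # root may read files and search directories regardless
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)


def first_denial(path, uid, gids):
    """Return the first component that blocks reading path, or None."""
    path = os.path.abspath(path)
    current = os.sep
    dirs = [current]
    for part in path.strip(os.sep).split(os.sep)[:-1]:
        current = os.path.join(current, part)
        dirs.append(current)
    for d in dirs:
        if not mode_allows(os.stat(d), uid, gids, SEARCH):
            return d  # cannot traverse this directory
    if not mode_allows(os.stat(path), uid, gids, READ):
        return path  # reachable, but the file itself is not readable
    return None


if __name__ == "__main__":
    # Usage (run as root so every component can be stat'ed):
    #   python3 scan_access.py clamav /home/teottie/.viminfo
    uid, gids = ids_for(sys.argv[1])
    for p in sys.argv[2:]:
        blocker = first_denial(p, uid, gids)
        print(p, "-> readable" if blocker is None else "-> blocked at " + blocker)
```

A mode 600 dotfile owned by its user is reported as blocked for the clamav account and as readable for uid 0, which matches the errors in the log and the effect of changing the "User" directive.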


Re: [Clamav-users] clamav on debian stable

2004-09-21 Thread Tomasz Papszun
On Tue, 21 Sep 2004 at 12:23:32 +0200, agenteo wrote:
> this is the log I get:
> /home/teottie/.viminfo: Unable to open file or directory ERROR
> /home/teottie/mbox: Unable to open file or directory ERROR
> /home/teottie/.bash_history: Unable to open file or directory ERROR
[...]
> /home/carinic/.bash_history: Unable to open file or directory ERROR
> 
> I didn't understand why it gives an error while trying to open those dotted
> files, I was logged in as teottie while the scan was working. But carinic
> was not connected!
> Thanks in advance,
> Enrico

Was the scanning done with clamscan or with clamdscan? If with
clamdscan, then the user running clamd would have to have access to the
scanned files.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




RE: [Clamav-users] clamav on debian stable

2004-09-21 Thread agenteo
this is the log I get:
/home/teottie/.viminfo: Unable to open file or directory ERROR
/home/teottie/mbox: Unable to open file or directory ERROR
/home/teottie/.bash_history: Unable to open file or directory ERROR
/home/teottie/clamav-testfiles/test-failure.rar: RAR module failure ERROR
/home/teottie/clamav-testfiles/test: ClamAV-Test-Signature FOUND
/home/teottie/clamav-testfiles/test-zip-noext: ClamAV-Test-Signature FOUND
/home/teottie/clamav-testfiles/test.bz2: ClamAV-Test-Signature FOUND
/home/teottie/clamav-testfiles/test.msc: ClamAV-Test-Signature FOUND
/home/teottie/clamav-testfiles/test.rar: ClamAV-Test-Signature FOUND
/home/teottie/clamav-testfiles/test.zip: ClamAV-Test-Signature FOUND
/home/carinic/.bash_history: Unable to open file or directory ERROR

I didn't understand why it gives an error while trying to open those dotted
files, I was logged in as teottie while the scan was working. But carinic
was not connected!
Thanks in advance,
Enrico





RE: [Clamav-users] clamav on debian stable

2004-09-21 Thread agenteo
no I'm not using it, actually I'm just trying clamav to check the samba
shares (and take care of infections). I don't have an MTA, I just send
text mails (with an external SMTP) to log samba events.

> It could be easily construed that issuing this command would result in
> a reply from the clamd daemon running on the local machine.
I was assuming it, I was wrong thanks :-) now I got it

I've used this line in cron to scan my homes:
13 6 * * * root /usr/bin/clamdscan -r --mbox /home

I've added this line to clamd.conf
VirusEvent /home/utility/avvisoVirus.sh
my hope was to execute this script when an infected file was found. It
just cats some text (like date and virus found) to a file.
The report tells:
date -> testFile(taken from clamav-testfiles): ClamAV-Test-Signature FOUND
but the command in VirusEvent is not executed! In the logs I didn't
find any trace of errors trying to execute the command.

My target is to create a file with each file name and the virus type (with
%v and %f) found. Then use this file to take care of the files.
What do you think about that? Is this a good way to take care of
infected files?

Thanks in advance,
Enrico

Il mar, 2004-09-21 alle 00:14, D.J. Fan ha scritto:
> >From: agenteo I've installed the clamav (clamav clamav-base clamav-daemon
> >clamav-freshclam libclamav1) debian packages taken from
> >www.clamav.net/binary.html
> 
> Are you also using amavisd-new?
> 
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now! 
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/


RE: [Clamav-users] clamav on debian stable

2004-09-20 Thread D.J. Fan
>From: agenteo I've installed the clamav (clamav clamav-base clamav-daemon
>clamav-freshclam libclamav1) debian packages taken from
>www.clamav.net/binary.html

Are you also using amavisd-new?


Re: [Clamav-users] clamav on debian stable

2004-09-20 Thread Matt
Thomas Lamy wrote:

> RTFM (in /usr/share/clamav or on http://www.clamav.net/). And install 
> the package "clamav-testfiles"

As much as I would generally agree with the "read the documentation" reply
as a rule, the clamd options, i.e. PING, are not clearly explained in the
documentation, and could lead to some confusion. Relevant snippet below:

clamd recognizes the following commands:

PING   Check the server's state. It should reply with "PONG".

 It could be easily construed that issuing this command would result in a
reply from the clamd daemon running on the local machine.
 
 A little leniency regarding the grey areas of the documentation would not
go amiss.

Matt
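
The PING command quoted above is written to the socket of the daemon that is already running, not passed as an argument to a second `clamd` process. This is an added example, not code from the thread or from the ClamAV project; `clamd_command` and `clamd_state` are hypothetical names, and the default socket path is the one shown in the error message elsewhere in this thread.

```python
import socket

DEFAULT_SOCKET = "/var/run/clamav/clamd.ctl"  # path from the log in this thread


def clamd_command(sock_path, command, timeout=5.0):
    """Send one command to a running clamd and return its one-line reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        # Newline-terminated command, as `echo PING` piped to the socket sends.
        s.sendall(command.encode("ascii") + b"\n")
        reply = b""
        while not reply.endswith(b"\n"):
            chunk = s.recv(4096)
            if not chunk:
                break  # daemon closed the connection
            reply += chunk
    return reply.decode("ascii", "replace").strip()


def clamd_state(sock_path=DEFAULT_SOCKET):
    """Classify the daemon's state from the outcome of a PING."""
    try:
        reply = clamd_command(sock_path, "PING")
    except FileNotFoundError:
        return "no-socket"          # clamd not running, or socket is elsewhere
    except ConnectionRefusedError:
        return "stale-socket"       # file exists but nothing is listening
    except PermissionError:
        return "permission-denied"  # this account may not use the socket
    except socket.timeout:
        return "timeout"            # connected, but no reply in time
    return "alive" if reply == "PONG" else "unexpected: " + reply


if __name__ == "__main__":
    print(clamd_state())
```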





Re: [Clamav-users] clamav on debian stable

2004-09-20 Thread Thomas Lamy
agenteo wrote:
> Hi,
> I've installed the clamav (clamav clamav-base clamav-daemon
> clamav-freshclam libclamav1) debian packages taken from
> www.clamav.net/binary.html
> At the end of the installation/configuration I've tried as root
> #clamd PING
> in the document I've read the clamav daemon should answer with
> something, that didn't come back. Instead of that, I've found in the log
> this:
> ERROR: Socket file /var/run/clamav/clamd.ctl is in use by another process.
> From ps aux | grep clam I've got this:
> clamav 640  0.0  0.1  2036   984 ?  S  15:35  0:00 /usr/bin/freshclam -d --quiet -p /var/run/clamav/freshclam.pid
> clamav 694  0.0  3.0 16824 15836 ?  S  15:35  0:00 /usr/sbin/clamd
> clamav 697  0.0  3.0 16824 15836 ?  S  15:36  0:00 /usr/sbin/clamd

You tried to use the server binary as a client. "Socket file in use"
tells you that clamd is really running, as does the ps output.

> Does anyone know what this situation means? Is the antivirus working?

RTFM (in /usr/share/clamav or on http://www.clamav.net/). And install
the package "clamav-testfiles", you can use clamscan and/or clamdscan to
test if your installation was successful.

> Thanks in advance,
> Enrico

Thomas
