Re: [clamav-users] clamav

2019-11-14 Thread Matus UHLAR - fantomas

On 14.11.19 10:49, ALMOKBEL, RAWAN wrote:
> I have a question regarding clamav scan,
> Does clamav scan embedded virus and malicious inside files ?

clamav supports scanning file archives and files inside them.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] clamav

2019-11-14 Thread Al Varnell via clamav-users
That's a pretty broad question, but in general, the answer is yes, as long as 
ClamAV can recognize the format of the file. That does include many archives, 
but I believe there are a few that cannot be expanded. There are also some size 
restrictions on how much of a large file will be scanned due to RAM 
restrictions.

If you can narrow down your question to some specific file types, we could give 
you a more accurate answer.

-Al-

> On Nov 13, 2019, at 23:49, ALMOKBEL, RAWAN wrote:
> 
> Good Day!
> I have a question regarding clamav scan, 
> Does clamav scan embedded virus and malicious inside files ?
> 
> Kind regards,



Re: [clamav-users] clamav

2019-11-14 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 14 Nov 2019, ALMOKBEL, RAWAN wrote:

> Good Day!

Well it's been raining here for weeks, but good day to you too! :)

> Does clamav scan embedded virus and malicious inside files ?


If you mean archive files the question has already been answered well,
but I would add that it is almost true to say that ClamAV _only_ scans
inside files.  It is only 'almost' true because you can, for example,
ask clamd to listen to a socket, and feed data directly to it via the
socket.  But most of the time it will be a file which you pipe to the
socket.  In that case, clamd itself will know nothing about the file,
except perhaps its length - or at least the amount of data it scanned
before it found something which for example matches a signature.  All
it knows is what came along from the socket - this does not include,
for example, the name of the file, and the data is normally sent in
'chunks' so clamd generally only knows the length of the 'chunks'.

Processing mail using a milter is a very common use of ClamAV, and
indeed ClamAV packages its own milter, 'clamav-milter', for that
purpose.  A milter sends data to clamd via a socket, for scanning in
the same way that clamdscan does.  Neither scans the data itself, but
simply passes the data to clamd.  (Again, 'simply' is almost true.)

I wonder if you meant to ask if ClamAV can scan memory.  Unlike some
commercial anti-virus packages, ClamAV cannot do that directly; but
you can if you wish write code to read memory and pipe the data to a
clamd process for scanning.

With existing signature databases I do not know how effective that
might be, because I do not know how many (if any) signatures have been
written with the intention of finding things in memory rather than in
files, or which might be expected to match memory content even if not
written with that intention.  Most executable files are modified when
they are loaded into memory, and it is common for the data in other
files to be modified as it is loaded, even if not for execution.  For
e.g. the 'heuristics' type signatures I'd say all bets are off.

If you have particular requirements to scan memory, in principle it
would not be difficult to produce the signatures.  But it would be a
substantial undertaking to scan memory in a multi-user, multi-tasking
operating system (which may be using paging, sharing, virtual memory,
swap and DMA) using clamd in a way which makes any real sense.  I'd be
pleased to be proven wrong, and if I'm wrong I'm sure Sourcefire would
be pleased too. :)

--

73,
Ged.
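
What clamd actually receives in the socket case described above, as an added example that is not part of the original thread: a minimal Python client for clamd's INSTREAM command, plus a decoder showing the server-side view (chunk lengths and bytes, no file name). The socket path is the one quoted from README.Debian elsewhere on this page; the chunk size and all function names are assumptions.

```python
import io
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"  # path quoted on this page; adjust locally
CHUNK_SIZE = 8192                            # assumption: any size works, streams are
                                             # capped by clamd's StreamMaxLength setting


def instream_frames(stream, chunk_size=CHUNK_SIZE):
    """Yield the exact byte strings a client writes for one INSTREAM scan."""
    yield b"zINSTREAM\0"                      # null-terminated command, no file name
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        # Each chunk is a 4-byte big-endian length followed by the data.
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)                # zero-length chunk ends the stream


def decode_instream(wire):
    """Server-side view: return (chunk_lengths, payload) parsed from wire bytes."""
    command = b"zINSTREAM\0"
    if not wire.startswith(command):
        raise ValueError("not an INSTREAM request")
    pos, lengths, payload = len(command), [], b""
    while True:
        if pos + 4 > len(wire):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from("!I", wire, pos)
        pos += 4
        if length == 0:
            return lengths, payload
        if pos + length > len(wire):
            raise ValueError("truncated chunk")
        lengths.append(length)
        payload += wire[pos:pos + length]
        pos += length


def parse_reply(reply):
    """Turn clamd's reply into (status, detail)."""
    text = reply.rstrip(b"\0\r\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # e.g. "stream: Eicar-Test-Signature FOUND"
        return "FOUND", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith("ERROR"):
        # e.g. "INSTREAM size limit exceeded. ERROR"
        return "ERROR", text[:-len("ERROR")].strip()
    if text.endswith(": OK"):
        return "OK", None
    return "UNKNOWN", text


def scan_stream(stream, socket_path=CLAMD_SOCKET):
    """Send a file-like object to a running clamd and return the parsed verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(socket_path)
        for frame in instream_frames(stream):
            sock.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    # Constructed sample data; needs a running clamd on CLAMD_SOCKET.
    sample = io.BytesIO(b"constructed sample data, not malware\n" * 3)
    print(scan_stream(sample))
```
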



Re: [clamav-users] clamav

2019-11-14 Thread Paul Kosinski via clamav-users
ClamAV also can't deal with files bigger than 4 GB. This prevents it
from scanning some videos, DVD-size ISOs, etc.

This is a shame, since Linux (and I presume most other modern OSes)
have been able to deal with "large" files (with 64-bit lengths and
offsets) for years now.


On Thu, 14 Nov 2019 00:15:47 -0800
Al Varnell via clamav-users  wrote:

> That's a pretty broad question, but in general, the answer is yes, as
> long as ClamAV can recognize the format of the file. That does
> include many archives, but I believe there are a few that cannot be
> expanded. There are also some size restrictions on how much of a
> large file will be scanned due to RAM restrictions.
> 
> If you can narrow down your question to some specific file types, we
> could give you a more accurate answer.
> 
> -Al-
> 
> > On Nov 13, 2019, at 23:49, ALMOKBEL, RAWAN wrote:
> > 
> > Good Day!
> > I have a question regarding clamav scan, 
> > Does clamav scan embedded virus and malicious inside files ?
> > 
> > Kind regards,



Re: [clamav-users] clamav

2019-11-14 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 14 Nov 2019, Paul Kosinski via clamav-users wrote:

> ClamAV also can't deal with files bigger than 4 GB. This prevents it
> from scanning some videos, DVD-size ISOs, etc.


The usefulness of scanning such files is debatable, but you can split
large files into pieces and scan the pieces using streaming to clamd.

--

73,
Ged.



Re: [clamav-users] clamav

2019-11-15 Thread Paul Kosinski via clamav-users
On Thu, 14 Nov 2019 22:26:58 + (GMT)
"G.W. Haywood via clamav-users"  wrote:

> Hi there,
> 
> On Thu, 14 Nov 2019, Paul Kosinski via clamav-users wrote:
> 
> > ClamAV also can't deal with files bigger than 4 GB. This prevents it
> > from scanning some videos, DVD-size ISOs, etc.
> 
> The usefulness of scanning such files is debatable, but you can split
> large files into pieces and scan the pieces using streaming to clamd.
> 


Video files have been used to attack buggy video players, and ISOs that
hold software distributions can easily be that big. And remember that
DVDs and flash disks that may be created from an ISO are often booted
from to install whatever. This could mean your system is compromised at
birth. 

Also, splitting files may split in the middle of a signature. Plus, if
an archive file is split, the pieces will no longer be proper archives.

P.S With regard to files bigger than 4 GB -- "nobody needs more than
640 K of RAM", "4 billion IP addresses are more than enough", "31 bit
time stamps will last for 70 years", "64-bit addressing is unnecessary
for home computers", and, "disks with more than X 512-byte blocks are
overkill". (Note that X has had to have been increased 7 times -- from
508 MB to 2.1 GB, to 4.2 GB, to 8.4 GB, to 33.8 GB, to 137 GB, to 2 or
4 TB, and now to 128 PB with LBA 48. This lack of foresight makes the
Y2K issue seem like good planning.)
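
The boundary problem raised above, and one way around it, as an added example that is not part of the original thread: pieces that overlap by one byte less than the longest pattern keep any such pattern whole in at least one piece. Plain substring matching stands in for a signature engine here and the marker and sizes are constructed; overlap does nothing for signatures tied to file offsets or whole-file hashes, nor for archives that stop being valid archives once split.

```python
MARKER = b"CONSTRUCTED-MARKER-01"   # constructed stand-in for a byte-pattern signature
PIECE_SIZE = 1024                    # assumption: tiny pieces keep the demo small


def split_plain(data, size):
    """Cut data into back-to-back pieces of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def split_overlapping(data, size, overlap):
    """Cut data into pieces of at most `size` bytes that share `overlap` bytes.

    Any contiguous pattern of length <= overlap + 1 is guaranteed to lie
    entirely inside at least one piece.
    """
    if not 0 <= overlap < size:
        raise ValueError("overlap must be >= 0 and smaller than the piece size")
    step = size - overlap
    pieces = []
    for start in range(0, len(data), step):
        pieces.append(data[start:start + size])
        if start + size >= len(data):
            break                    # this piece already reaches the end
    return pieces


def pieces_matching(pieces, pattern):
    """Indexes of the pieces in which the whole pattern appears."""
    return [i for i, piece in enumerate(pieces) if pattern in piece]


def build_sample():
    """Constructed input: the marker starts 10 bytes before a piece boundary."""
    return b"\0" * (PIECE_SIZE - 10) + MARKER + b"\0" * PIECE_SIZE


def compare():
    """Return (hits with plain split, hits with overlapping split)."""
    data = build_sample()
    plain = split_plain(data, PIECE_SIZE)
    overlapped = split_overlapping(data, PIECE_SIZE, len(MARKER) - 1)
    return pieces_matching(plain, MARKER), pieces_matching(overlapped, MARKER)


if __name__ == "__main__":
    plain_hits, overlap_hits = compare()
    print("plain split hits:      ", plain_hits)
    print("overlapping split hits:", overlap_hits)
```
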



Re: [clamav-users] clamav

2019-11-16 Thread G.W. Haywood via clamav-users

Hi there,

On Fri, 15 Nov 2019, Paul Kosinski via clamav-users wrote:
> On Thu, 14 Nov 2019 G.W. Haywood via clamav-users wrote:
> > On Thu, 14 Nov 2019, Paul Kosinski via clamav-users wrote:
> > >
> > > ClamAV also can't deal with files bigger than 4 GB. This prevents it
> > > from scanning some videos, DVD-size ISOs, etc.
> >
> > The usefulness of scanning such files is debatable, but you can split
> > large files into pieces and scan the pieces using streaming to clamd.
>
> Video files have been used to attack buggy video players, and ISOs
> that hold software distributions can easily be that big.  And
> remember that DVDs and flash disks that may be created from an ISO
> are often booted from to install whatever. This could mean your
> system is compromised at birth.  ...


None of this alters the fact that if you look for malware with ClamAV,
then, if it's not a zero-day, by my estimation you have about a one in
three chance of finding it, even if the malware is in a 900 byte file.
Of course if it _is_ a zero-day, you have practically no chance.  So,
even if you scan it, your system can *still* be compromised at birth,
except that now you'll think it isn't, because you've scanned it.

Trying to detect problems by scanning gigabytes of data for irrelevant
threats, or scanning entire Linux systems for some millions of Windows
viruses, when instead you could be doing something rational to prevent
those problems in the first place, is plain crackers.  There seems to
be a school of thought that to secure a system, all you have to do is
install an anti-virus package, regularly scan your entire filesystem,
and you're safe.  That's nonsense, and I'm not sure that the purveyors
of anti-virus packages aren't in some ways contributing to the general
misunderstanding.

If I were going to take risks like viewing random files that I'd (for
example) downloaded from the Internet using (for example) some dodgy
video player, then I'd at least first spin up a VM to do it with.  If
an employee knowingly did such a thing at work then they'd be fired;
they've already signed a bit of paper which says so.  One of the main
uses for ClamAV here is looking for emails which try to trick people
into doing just that sort of thing.  If I'm thinking of running some
installer from an .iso file I'll be looking at least for an md5sum,
and more likely quite a bit more than that.

--

73,
Ged.



Re: [Clamav-users] clamav

2007-07-24 Thread Steven
Julie S. Lin wrote:
> Hi
> 
> I'm using clamav-0.90.1 and it's filling up /var on my system
> I can not find anywhere in the docs to specify logging
> these logs are the clam logs for each message. :(
> 
> HELP

Is it actually clamav filling up the logs or the program calling
clamav?  You don't have debugging on in clamav do you?  What file
is it logging to?

You could always rotate your logs faster as well.

Steve

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav

2007-07-24 Thread Julie S. Lin
Hi

thanks! that was it. i appreciate the help.

J

Steven wrote:

> Julie S. Lin wrote:
>
> > Hi
> >
> > I'm using clamav-0.90.1 and it's filling up /var on my system
> > I can not find anywhere in the docs to specify logging
> > these logs are the clam logs for each message. :(
> >
> > HELP
>
> Is it actually clamav filling up the logs or the program calling
> clamav?  You don't have debugging on in clamav do you?  What file
> is it logging to?
>
> You could always rotate your logs faster as well.
>
> Steve



RE: [Clamav-users] clamav...

2004-04-21 Thread Shannon Werb
Take a look at clamwin, which uses clamav, and works with Windows.
http://clamwin.sourceforge.net/

Regards,
Shannon
http://www.battcave.com/

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of bruce
Sent: Wednesday, April 21, 2004 11:54 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] clamav...

hi...

we're new to clamav and trying to get a better understanding. we've looked
through the clamav docs and from our understanding, the app appears to be a
mail server oriented spam/virus app. is this pretty much the case..??

we're looking for an "open source" app that can be used to do
virus/trojan/etc protection for the linux/windows desktop... kind of like
mcafee/symantec/norton/etc...

if clamav doesn't fit the bill, does anyone know of an app that might?

thanks

bruce
[EMAIL PROTECTED]



---
This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial
presented by Daniel Robbins, President and CEO of GenToo technologies. Learn
everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users





Re: [Clamav-users] clamav...

2004-04-21 Thread Peter Bonivart
bruce wrote:

> we're new to clamav and trying to get a better understanding. we've looked
> through the clamav docs and from our understanding, the app appears to be a
> mail server oriented spam/virus app. is this pretty much the case..??

Clam's primary target is mail servers, yes.

> we're looking for an "open source" app that can be used to do
> virus/trojan/etc protection for the linux/windows desktop... kind of like
> mcafee/symantec/norton/etc...

The only open source and up to date virus scanner is Clam. Several of 
the commercial alternatives have free versions for personal use but I 
guess that will not work for you.

Look here for work going on to broaden the reach of Clam:

http://www.clamav.net/3rdparty.html#pagestart

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3


Re: [Clamav-users] ClamAv

2005-11-28 Thread Stephen Gran
On Mon, Nov 28, 2005 at 11:04:37AM +, Markus Braun said:
> Hello,
> 
> I have installed ClamAV over apt-get on a debian sarge system.
> 
> I have made this:
> 
> apt-get install clamav clamav-freshclam clamav-daemon
> 
> usermod -G Debian-exim clamav
> 
> /etc/init.d/clamav-daemon restart
> 
> So is that correct, how can i test it?
> Or must i configure more?
> 
> How does freshclam updates the virus definitions?
> Must i add a link to the virus database and make a cronjob?

dpkg-reconfigure clamav-freshclam
dpkg-reconfigure clamav-base

Will do most of the work for you.

Take care,
-- 
 --
|  Stephen Gran  | Love America -- or give it back.|
|  [EMAIL PROTECTED] | |
|  http://www.lobefin.net/~steve | |
 --




Re: [Clamav-users] ClamAv

2005-11-28 Thread Markus Braun




> dpkg-reconfigure clamav-freshclam
> dpkg-reconfigure clamav-base


I have installed these packages:

apt-get install clamav clamav-freshclam clamav-daemon

but clamav is not active.
How can i check this?

The eicar testfile comes into my mailbox. :-(

But in the exim4 reject.log, is some info that he is rejecting it.

marcus



Re: [Clamav-users] ClamAv

2005-11-28 Thread Stephen Gran
On Mon, Nov 28, 2005 at 12:00:25PM +, Markus Braun said:
> I have installed these packages:
> 
> apt-get install clamav clamav-freshclam clamav-daemon
> 
> but clamav is not active.  How can i check this?

What does this mean?  Not running, or not magically integrated with your
MTA?   ps -u clamav will tell you what processes are running as user
clamav.  If clamd and freshclam are not listed in the output, I will be
very surprised.

On the other hand, if you mean they're not magically integrated with
your MTA, then the answer is of course they're not.  Read
/usr/share/doc/clamav-daemon/README.Debian.gz and look for instructions
on how to integrate clamav with your MTA.

> The eicar testfile comes into my mailbox. :-(
> 
> But in the exim4 reject.log, is some info that he is rejecting it.

Again, not sure what you mean here - exim is rejecting a message with
eicar, and yet delivering it anyway?  That makes no sense.
-- 
 --
|  Stephen Gran  | On-line, adj.:  The idea that a human   |
|  [EMAIL PROTECTED] | being should always be accessible to a  |
|  http://www.lobefin.net/~steve | computer.   |
 --




Re: [Clamav-users] ClamAv

2005-11-28 Thread Markus Braun

> What does this mean?  Not running, or not magically integrated with your
> MTA?   ps -u clamav will tell you what processes are running as user
> clamav.  If clamd and freshclam are not listed in the output, I will be
> very surprised.

sorry for my bad english. So Clamd and freshclam is running as user clamav.

> Again, not sure what you mean here - exim is rejecting a message with
> eicar, and yet delivering it anyway?  That makes no sense.


yes, he delivered it in my mailbox.
but i cant understand why?

This is in the reject.log of exim4:

2005-11-28 08:35:33 H=(XXX.XXX.XXX.XXX) [219.133.174.71] rejected EHLO or HELO 80.XXX.145.XXX: "Dropped spammer pretending to be us"
2005-11-28 12:49:57 1EghW9-0001Kd-Mb H=mail.fluns.com (www.declude.com) [63.246.13.85] F=<[EMAIL PROTECTED]> rejected after DATA: This message contains an unwanted file extension (com)

Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from mail.fluns.com ([63.246.13.85] helo=www.declude.com)
by dXXX-XXX-XXX-XXX.dds.hosteurope.de with smtp (Exim 4.50)
id 1EghW9-0001Kd-Mb
for [EMAIL PROTECTED]; Mon, 28 Nov 2005 12:49:57 +0100
 X-Web-Originating-IP: 193.28.100.68
I Message-Id: <[EMAIL PROTECTED]>
 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
 Date: Thu, 02 Nov 2000 20:23:17 -0500
F From: "WebMaster" <[EMAIL PROTECTED]>
T To: "User" <[EMAIL PROTECTED]>
 Subject: Test eicar.com file [eicarplain]
 Mime-Version: 1.0
 Content-Type: multipart/mixed;
BounDary="=_307115168==_"


But in my /etc/exim4/vexim-acl-check-content.conf i have this part:

# Reject virus infested messages.
 warn  message = This message contains malware ($malware_name)
   malware = *
   log_message = This message contains malware ($malware_name)

So he dont warn me :-(
any idea?
marcus



Re: [Clamav-users] ClamAv

2005-11-28 Thread Stephen Gran
On Mon, Nov 28, 2005 at 01:26:04PM +, Markus Braun said:
> >What does this mean?  Not running, or not magically integrated with your
> >MTA?   ps -u clamav will tell you what processes are running as user
> >clamav.  If clamd and freshclam are not listed in the output, I will be
> >very surprised.
> 
> sorry for my bad english. So Clamd and freshclam is running as user clamav.
> 
> >Again, not sure what you mean here - exim is rejecting a message with
> >eicar, and yet delivering it anyway?  That makes no sense.
> 
> yes, he delivered it in my mailbox.
> but i cant understand why?
> 
> This is in the reject.log of exim4:
> 
> [63.246.13.85] F=<[EMAIL PROTECTED]> rejected after DATA: This 
> message contains an unwanted file extension (com)

A file was rejected because it had the extension .com, not because of
viral content.

> But in my /etc/exim4/vexim-acl-check-content.conf i have this part:
> 
> # Reject virus infested messages.
>  warn  message = This message contains malware ($malware_name)
>    malware = *
>    log_message = This message contains malware ($malware_name)
> 
> So he dont warn me :-(

The warn directive adds a log message, or a header (if used as 
message = X-virus: yes or some such)  It does not reject mail or impede
mail flow in any way.  Look in your logs - do you see a line with the
above warning?

Take a look at /usr/share/doc/exim4-base/spec.txt.gz for details of what
the various directives mean.  It sounds at the moment like you are
hoping for a different behavior than you have configured from your MTA,
so I would start with making sure the MTA is properly configured.  If
you look through the docs in the exim4-base directory, there are several
that point to Debian-specific sources of information, such as mailing
lists and on-line documentation.  I would start there, and return here
if clamav does not work as expected after you are sure the MTA
integration is correct.

Take care,
-- 
 --
|  Stephen Gran  | In those days he was wiser than he is   |
|  [EMAIL PROTECTED] | now -- he used to frequently take my|
|  http://www.lobefin.net/~steve | advice.   -- Winston Churchill  |
 --




Re: [Clamav-users] ClamAv

2005-11-28 Thread Markus Braun

> Take a look at /usr/share/doc/exim4-base/spec.txt.gz for details of what
> the various directives mean.  It sounds at the moment like you are
> hoping for a different behavior than you have configured from your MTA,
> so I would start with making sure the MTA is properly configured.  If
> you look through the docs in the exim4-base directory, there are several
> that point to Debian-specific sources of information, such as mailing
> lists and on-line documentation.  I would start there, and return here
> if clamav does not work as expected after you are sure the MTA
> integration is correct.


Hi,
i looked at the Readme.DEbian and found this here:

  To enable clamav in the Debian exim4 packages, add
  av_scanner = clamd:/var/run/clamav/clamd.ctl
  (or if you've chosen tcp sockets)
  av_scanner = clamd:127.0.0.1 3310
  to the main configuration settings (a new file under
  /etc/exim4/conf.d/main/ if split config is being used)

  Then add the following to your data time acl:

  deny  message = This message contains a virus: ($malware_name) please scan your system.
        demime = *
        malware = *

I have added these lines to my configuration, but the ZIP Eicar testfile 
comes directly in my mailbox, but i think some other virus mails are 
blocked. This is some text of the rejectlog:


2005-11-28 20:05:01 H=cph254.neoplus.adsl.tpnet.pl (142528648) [83.31.213.254] rejected EHLO or HELO 142528648: "Dropped IP-only or IP-starting helo"
2005-11-28 20:05:39 H=p5485fedc.dip.t-dialin.net (146051280) [84.133.254.220] rejected EHLO or HELO 146051280: "Dropped IP-only or IP-starting helo"
2005-11-28 20:06:13 H=cm-85-152-224-117.telecable.es (144202488) [85.152.224.117] rejected EHLO or HELO 144202488: "Dropped IP-only or IP-starting helo"
2005-11-28 20:06:42 H=(146606752) [82.2.34.177] rejected EHLO or HELO 146606752: "Dropped IP-only or IP-starting helo"
2005-11-28 20:07:07 H=(146606752) [83.237.133.103] rejected EHLO or HELO 146606752: "Dropped IP-only or IP-starting helo"
2005-11-28 20:07:13 H=24-107-138-114.dhcp.stls.mo.charter.com (144151776) [24.107.138.114] rejected EHLO or HELO 144151776: "Dropped IP-only or IP-starting helo"


Can i test it with another virus test string?



Re: [Clamav-users] ClamAv

2005-11-28 Thread Dennis Peterson
Markus Braun said:

[whackage happened]

>
> Hi,
> i looked at the Readme.DEbian and found this here:
>
>To enable clamav in the Debian exim4 packages, add
>av_scanner = clamd:/var/run/clamav/clamd.ctl
>(or if you've chosen tcp sockets)
>av_scanner = clamd:127.0.0.1 3310
>to the main configuration settings (a new file under
>/etc/exim4/conf.d/main/ if split config is being used)
>
>Then add the following to your data time acl:
>
>deny  message = This message contains a virus: ($malware_name) please
> scan your system.
>  demime = *
>  malware = *
>
> I have added these lines to my configuration, but the ZIP Eicar testfile
> comes directly in my mailbox, but i think some other virus mails are
> blocked. This is some text of the rejectlog:

>
> Can i test it with another virus test string?

A possible problem, I suppose, is that you're testing from a local account
and your system is not set up to scan mail from local accounts. Crazier
things have happened.

dp


Re: [Clamav-users] ClamAv

2005-11-29 Thread Markus Braun

> A possible problem, I suppose, is that you're testing from a local account
> and your system is not set up to scan mail from local accounts. Crazier
> things have happened.



No, i sent it over this:

http://www.declude.com/Articles.asp?ID=99

And the Zip File was in my inbox

;-(



Re: [Clamav-users] ClamAv

2005-11-29 Thread Stephen Gran
On Tue, Nov 29, 2005 at 05:04:47AM +, Markus Braun said:
> Hi,
> i looked at the Readme.DEbian and found this here:

[ some instructions ]

>   deny  message = This message contains a virus: ($malware_name) please scan 
> your system.
> 
> I have added these lines to my configuration, but the ZIP Eicar testfile 
> comes directly in my mailbox, but i think some other virus mails are 
> blocked. This is some text of the rejectlog:

[ no log lines containing the above message ]

These are not being blocked by the malware stanza.  

> Can i test it with another virus test string?

I don't think this is the problem.  grep for the message in your exim
logs.  If you get no hits, clamav has not seen anything it thinks is a
virus.

At that point, I would start looking in the clamav logs to see if there
are error messages related to scanning, I might add LogClean to the
config file to see if it is actually invoked, etc.
-- 
 --
|  Stephen Gran  | linux: because a PC is a terrible thing |
|  [EMAIL PROTECTED] | to waste ([EMAIL PROTECTED] put this on   |
|  http://www.lobefin.net/~steve | Tshirts in '93) |
 --




Re: [Clamav-users] ClamAv

2005-11-29 Thread Markus Braun



> At that point, I would start looking in the clamav logs to see if there
> are error messages related to scanning, I might add LogClean to the
> config file to see if it is actually invoked, etc.

yes thank you. I found in the clamav log this:

Mon Nov 28 23:26:24 2005 -> /var/spool/exim4/scan/1EgrS4-0006HV-FL/1EgrS4-0006HV-FL.eml: Eicar-Test-Signature FOUND
Mon Nov 28 23:26:36 2005 -> /var/spool/exim4/scan/1EgrSG-0006Ha-Bn/1EgrSG-0006Ha-Bn.eml: Eicar-Test-Signature FOUND
Mon Nov 28 23:27:07 2005 -> /var/spool/exim4/scan/1EgrSl-0006Hv-6G/1EgrSl-0006Hv-6G.eml: Eicar-Test-Signature FOUND
Mon Nov 28 23:27:23 2005 -> /var/spool/exim4/scan/1EgrT1-0006I0-OR/1EgrT1-0006I0-OR.eml: Eicar-Test-Signature FOUND
Mon Nov 28 23:27:43 2005 -> /var/spool/exim4/scan/1EgrTL-0006IE-IW/1EgrTL-0006IE-IW.eml: Eicar-Test-Signature FOUND


So he found the eicar test signature. But why is it in my inbox?
What does clamav do with virus files?

block or remove?

Thanks for your help

marcus



Re: [Clamav-users] ClamAv

2005-11-29 Thread Stephen Gran
On Tue, Nov 29, 2005 at 10:36:13AM +, Markus Braun said:
> 
> >At that point, I would start looking in the clamav logs to see if there
> >are error messages related to scanning, I might add LogClean to the
> >config file to see if it is actually invoked, etc.
> 
> yes thank you. I found in the clamav log this:
> 
> Mon Nov 28 23:26:24 2005 -> /var/spool/exim4/scan/1EgrS4-0006HV-FL/1EgrS4-0006HV-FL.eml: Eicar-Test-Signature FOUND
> 
> So he found the eicar test signature. But why is it in my inbox?
> What does clamav do with virus files?
> 
> block or remove?

Neither.  Identify only - it's up to whatever uses clamav to make those
policy level decisions.

Again, look at your exim logs to see if you can find instances of the
message that you said you are using.  I am getting the idea that you
have not reloaded exim, and it is still running with the 'warn'
directive rather than the 'deny' directive.
-- 
 --
|  Stephen Gran  | Pecor's Health-Food Principle:  Never   |
|  [EMAIL PROTECTED] | eat rutabaga on any day of the week |
|  http://www.lobefin.net/~steve | that has a "y" in it.   |
 --
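
One way to check the symptom in this thread (clamd logs FOUND, yet Exim delivers the message because the ACL only warns or the deny rule is not active), as an added example that is not part of the original posts: correlate Exim message IDs between the clamd log and the Exim logs. All log lines below are constructed in the formats quoted in the thread, and the function names are assumptions.

```python
import re

# Exim 4 message IDs as they appear in the thread, e.g. 1EgrS4-0006HV-FL
MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
CLAMD_FOUND = re.compile(r"/(" + MSG_ID + r")\.eml: (\S+) FOUND\s*$")
EXIM_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (" + MSG_ID + r") (.*)$")

# Constructed sample logs (not taken from the thread).
CLAMD_LOG = """\
Mon Nov 28 23:26:24 2005 -> /var/spool/exim4/scan/1AbCdE-000001-Aa/1AbCdE-000001-Aa.eml: Eicar-Test-Signature FOUND
Mon Nov 28 23:27:07 2005 -> /var/spool/exim4/scan/1AbCdE-000002-Bb/1AbCdE-000002-Bb.eml: Eicar-Test-Signature FOUND
"""
EXIM_LOG = """\
2005-11-28 23:20:01 H=(192.0.2.77) [192.0.2.77] rejected EHLO or HELO 192.0.2.77: "Dropped IP-only or IP-starting helo"
2005-11-28 23:26:23 1AbCdE-000001-Aa <= sender@example.net H=mail.example.net [192.0.2.10] P=esmtp S=1843
2005-11-28 23:26:25 1AbCdE-000001-Aa => marcus <marcus@example.org> R=local_user T=maildir_home
2005-11-28 23:26:25 1AbCdE-000001-Aa Completed
2005-11-28 23:27:08 1AbCdE-000002-Bb H=mail.example.net [192.0.2.10] F=<sender@example.net> rejected after DATA: This message contains a virus: (Eicar-Test-Signature) please scan your system.
2005-11-28 23:30:00 1AbCdE-000003-Cc <= other@example.net H=mail.example.net [192.0.2.10] P=esmtp S=912
2005-11-28 23:30:01 1AbCdE-000003-Cc => marcus <marcus@example.org> R=local_user T=maildir_home
"""


def clamd_detections(lines):
    """Map message ID -> signature name for every FOUND line in the clamd log."""
    found = {}
    for line in lines:
        match = CLAMD_FOUND.search(line)
        if match:
            found[match.group(1)] = match.group(2)
    return found


def exim_outcomes(lines):
    """Map message ID -> set of events ('rejected', 'delivered') seen in Exim logs."""
    outcomes = {}
    for line in lines:
        match = EXIM_LINE.match(line)
        if not match:
            continue                      # e.g. EHLO rejections carry no message ID
        msg_id, rest = match.groups()
        events = outcomes.setdefault(msg_id, set())
        if "rejected after DATA" in rest:
            events.add("rejected")
        elif rest.startswith(("=> ", "-> ")):
            events.add("delivered")       # => and -> are Exim's delivery markers
    return outcomes


def triage(clamd_lines, exim_lines):
    """For each message clamd flagged, report (signature, what Exim did with it)."""
    outcomes = exim_outcomes(exim_lines)
    report = {}
    for msg_id, signature in clamd_detections(clamd_lines).items():
        events = outcomes.get(msg_id, set())
        if "rejected" in events:
            status = "rejected"
        elif "delivered" in events:
            status = "delivered"          # scanner fired, but no deny rule acted on it
        else:
            status = "unknown"
        report[msg_id] = (signature, status)
    return report


if __name__ == "__main__":
    for msg_id, (signature, status) in triage(
            CLAMD_LOG.splitlines(), EXIM_LOG.splitlines()).items():
        print(msg_id, signature, status)
```

Any message reported as `delivered` was detected by clamd and passed by the MTA, which points at the ACL (verb, placement, or a configuration that was never reloaded) rather than at ClamAV.
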




Re: [Clamav-users] ClamAv

2005-11-29 Thread Marc Haber
On Tue, Nov 29, 2005 at 10:36:13AM +, Markus Braun wrote:
> yes thank you. I found in the clamav log this:
> 
> Mon Nov 28 23:26:24 2005 -> /var/spool/exim4/scan/1EgrS4-0006HV-FL/1EgrS4-0006HV-FL.eml: Eicar-Test-Signature FOUND
> Mon Nov 28 23:26:36 2005 -> /var/spool/exim4/scan/1EgrSG-0006Ha-Bn/1EgrSG-0006Ha-Bn.eml: Eicar-Test-Signature FOUND
> Mon Nov 28 23:27:07 2005 -> /var/spool/exim4/scan/1EgrSl-0006Hv-6G/1EgrSl-0006Hv-6G.eml: Eicar-Test-Signature FOUND
> Mon Nov 28 23:27:23 2005 -> /var/spool/exim4/scan/1EgrT1-0006I0-OR/1EgrT1-0006I0-OR.eml: Eicar-Test-Signature FOUND
> Mon Nov 28 23:27:43 2005 -> /var/spool/exim4/scan/1EgrTL-0006IE-IW/1EgrTL-0006IE-IW.eml: Eicar-Test-Signature FOUND
> 
> So he found the eicar test signature. But why is it in my inbox?
> What does clamav do with virus files?

Clamav does only detect them. What you do with them depends on the
configuration of the MTA. You are off-topic here.

Since the ACL statement you posted recently seems to be OK, it looks
like you have added it to your configuration at the wrong place. Where
did you add it?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


Re: [Clamav-users] clamav.*

2003-12-12 Thread Thomas Lamy
I just registered clamav.de, with www.clamav.de being CNAME www.clamav.net

Thomas



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] clamav.*

2003-12-12 Thread Fajar A. Nugraha




That won't work right away. Folks at clamav.net / sourceforge should
also add www.clamav.de as their virtual host.
Otherwise, you'll get errors such as this :

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.de

HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:01 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Fri, 07 Sep 2001 18:23:40 GMT
ETag: "b5a9-264-3b9910ac"
Accept-Ranges: bytes
Content-Length: 612
Connection: close
Content-Type: text/html



 
  SourceForge.Net
 



You have probably reached this page in error.

//=remaining html removed


When you should get this :

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.net


HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:50 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Thu, 11 Dec 2003 13:27:22 GMT
ETag: "1912f4-1630-3fd870ba"
Accept-Ranges: bytes
Content-Length: 5680
Connection: close
Content-Type: text/html


http://www.w3.o
rg/TR/html4/loose.dtd">

  
    
    
    
    

//=remaining html removed


Fajar


Thomas Lamy wrote:
> I just registered clamav.de, with www.clamav.de being CNAME www.clamav.net
>
> Thomas
  
  
  
  
  
  






Re: [Clamav-users] clamav.*

2003-12-12 Thread Thomas Lamy
Fajar A. Nugraha wrote:

That won't work right away. Folks at clamav.net / sourceforge should 
also add www.clamav.de as their virtual host.
Otherwise, you'll get errors such as this :

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.de
HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:01 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Fri, 07 Sep 2001 18:23:40 GMT
ETag: "b5a9-264-3b9910ac"
Accept-Ranges: bytes
Content-Length: 612
Connection: close
Content-Type: text/html


 
  SourceForge.Net
 


*You have probably reached this page in error.*

//=remaining html removed

When you should get this :

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.net
HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:50 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Thu, 11 Dec 2003 13:27:22 GMT
ETag: "1912f4-1630-3fd870ba"
Accept-Ranges: bytes
Content-Length: 5680
Connection: close
Content-Type: text/html

http://www.w3.o
rg/TR/html4/loose.dtd">

  



**

//=remaining html removed

Fajar

Thomas Lamy wrote:

I just registered clamav.de, with www.clamav.de being CNAME 
www.clamav.net

Thomas

Ok, I'll set up a redirector.

In a hurry,
  Thomas




Re: [Clamav-users] clamav.*

2003-12-12 Thread [EMAIL PROTECTED]
Why spend the money buying up all these domain names?  Why not just use
the country codes in front of clamav.net?

Luca, we should add something to the unofficial debian packages to let
people select their country code if we decide to go this route.  It
might be nice to have this as part of the config file or something. 
This, however, probably belongs on clamav-devel and clamav-mirrors.

I'll try to get something done with the nagios plugin for handling
mirrors what we discussed.  I've been a bit busy lately.

Cheers,

Mike





Re: [Clamav-users] clamav.*

2003-12-12 Thread Stewart MacLund
Fajar A. Nugraha said:
> That won't work right away. Folks at clamav.net / sourceforge should
> also add www.clamav.de as their virtual host.
> Otherwise, you'll get errors such as this :

Yup.  I had noticed this.

I've worked around the problem by pointing the DNS record at my own
server, and making an index.php with:



in it.  Which will automagically redirect the domain.  Just FYI for other
people who might not know that little trick.

SUndie...

ps - i just did it now, may take a few minutes to start working.  Someone
email me if they notice it NOT working.







Re: [Clamav-users] clamav.*

2003-12-12 Thread Eduardo Kaftanski
On Fri, Dec 12, 2003 at 09:45:07AM -0500, [EMAIL PROTECTED] wrote:
> Why spend the money buying up all these domain names?  Why not just use
> the country codes in front of clamav.net?

very good idea.


> 
> Luca, we should add something to the unofficial debian packages to let
> people select their country code if we decide to go this route.  It
> might be nice to have this as part of the config file or something. 
> This, however, probably belongs on clamav-devel and clamav-mirrors.
> 
> I'll try to get something done with the nagios plugin for handling
> mirrors what we discussed.  I've been a bit busy lately.
> 
> Cheers,
> 
> Mike

-- 
Eduardo Kaftanski
[EMAIL PROTECTED]
Red Hat Certified Engineer/Instructor/Examiner
Gerente Ingenieria LinuxCenter S.A.
Canada 239 5to Piso, Providencia, Stgo de Chile.
http://www.linuxcenter.cl +56-2-2745000




Re: [clamav-users] ClamAV 1.0.1

2023-05-23 Thread Steve Basford via clamav-users

On 23 May 2023 21:59:22 Paul Netpresto  wrote:


Hello

What should the behaviour of a running clamd be when it comes across a
malformed database during a signature-reload.

Clamd.conf has setting "ConcurrentDatabaseReload no"

Regards Paul



Hi Paul,

If there is a malformed database, freshclam will ignore it and shouldn't update.

If it's a manually updated database, clamd will report the error in logs.

That option means

concurrentDatabaseReload BOOL
Enable non-blocking (multi-threaded/concurrent) database reloads. This 
feature will temporarily load a second scanning engine while scanning 
continues using the first engine. Once loaded, the new engine takes over. 
The old engine is removed as soon as all scans using the old engine have 
completed. This feature requires more RAM, so this option is provided in 
case users are willing to block scans during reload in exchange for lower 
RAM requirements.

Default: yes


Cheers,


Steve
Sanesecurity.com
3rdparty ClamAV signatures




___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat



Cheers,

Steve
Twitter: @sanesecurity


Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Paul Netpresto

Hi

I have found that 1.0.1 and 0.103.8 both behave badly if they find a 
malformed db. Agreed freshclam checks out the clamav/cisco db's.


I have yet to determine what unofficial db caused the failure. They 
should all have been verified before being placed in /var/lib/clamav/


Clamd ends up only partially running accepting connections creating a 
/tmp/clamav file then giving up on the scan part of the job.


Eventually clamd has 1024 open /tmp/clamav... files and further 
connections generate massive logs very quickly (like 3.5G in an hour )


It would be better if it exited when it cannot continue.

Regards Paul



Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Alexeyd 1000 via clamav-users
Hello! I believe this is how to contact the customer care.
I was wondering whether or not ClamAV has real time protection for your
system? And if so, how do I turn it on? I can't find it in my GUI settings
and it does not seem to be running either way.
Thanks!
Alex

On Wed, May 24, 2023, 12:00 AM Paul Netpresto  wrote:

> Hello
>
> What should the behaviour of a running clamd be when it comes across a
> malformed database during a signature-reload.
>
> Clamd.conf has setting "ConcurrentDatabaseReload no"
>
> Regards Paul


Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Steve Basford via clamav-users

On 24 May 2023 18:52:04 Paul Netpresto  wrote:

Hi


I have found that 1.0.1 and 0.103.8 both behave badly if they find a 
malformed db. Agreed freshclam checks out the clamav/cisco db's.


I have yet to determine what unofficial db caused the failure. They should 
all have been verified before being placed in /var/lib/clamav/

How are you downloading the 3rd party sigs...

This script checks integrity... before copying to live folder...


https://github.com/extremeshok/clamav-unofficial-sigs

I check db integrity before uploading to mirrors.

Please email me off list with some logs

Cheers,

Steve
Twitter: @sanesecurity


Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Steve Basford via clamav-users

On 24 May 2023 18:52:04 Paul Netpresto  wrote:

Hi


I have found that 1.0.1 and 0.103.8 both behave badly if they find a 
malformed db. Agreed freshclam checks out the clamav/cisco db's.


I have yet to determine what unofficial db caused the failure. They should 
all have been verified before being placed in /var/lib/clamav/


Also this fab download script

https://github.com/rseichter/fangfrisch


Cheers,

Steve
Twitter: @sanesecurity


Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Paul Netpresto

Hi Steve

Note it would be nice if clamd said which db it did not like ..

I reckon the start of the problem is "Database reload failed, keeping 
the previous instance" when there is no previous instance.


Mon May 22 13:04:40 2023 -> Reading databases from /var/lib/clamav/
Mon May 22 13:05:01 2023 -> ERROR: reload_th: Database load failed: Malformed database
Mon May 22 13:05:02 2023 -> Database reload completed.
Mon May 22 13:05:02 2023 -> WARNING: Database reload failed, keeping the previous instance
Mon May 22 13:06:30 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:06:30 2023 -> ERROR: Command dispatch failed
Mon May 22 13:06:30 2023 -> ERROR: INSTREAM: Can't write to temporary file.
Mon May 22 13:06:30 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:06:30 2023 -> ERROR: Command dispatch failed
Mon May 22 13:06:30 2023 -> ERROR: INSTREAM: Can't write to temporary file.
Mon May 22 13:06:46 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:06:46 2023 -> ERROR: Command dispatch failed
Mon May 22 13:08:31 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:08:31 2023 -> ERROR: Command dispatch failed

    Lots more of the above snipped

Note a /tmp/clamav-*** is created for each connection containing 
whatever was submitted till max files open limit is reached.



Then this starts

Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files

3.5 G later /var/ is full !!



Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Steve Basford via clamav-users
Could you do a ls of the clamav database folder... So I can see what 
databases you are using


Does the database name appear in the logs when clamd.con

# Enable verbose logging.
# Default: no
LogVerbose yes

If you run clamscan --database=clamav database folder test.file does it
report database errors

How much memory/disk space

What download script... Any errors logs there to look at?

Sorry for the number of questions...


Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Steve Basford via clamav-users
On 24 May 2023 21:57:33 Steve Basford via clamav-users 
 wrote:
Could you do a ls of the clamav database folder... So I can see what 
databases you are using

Sorry all should have been off list... Duh ;)

Cheers,

Steve
Twitter: @sanesecurity


Re: [clamav-users] ClamAV 1.0.1

2023-05-24 Thread Paul Netpresto

Hi Steve

I am sure I can get to the bottom of how/what db was malformed.

I am more concerned on how clamd behaves when reloading db's hits an 
issue and there is no previous  DB instance  available.


I am 99% sure clamd simply terminated prior to multi instance DB images 
being introduced . Now it runs amok in my opinion certainly 3G of errors 
in logs within an hour is not good


Thanks for the links I will check if the current scripts used for 
unofficial db's can be improved.


Regards Paul


On 24/05/2023 21:57, Steve Basford via clamav-users wrote:
when there is no previous instance. 
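
A log check for the failure sequence described in this thread (a failed reload, then cl_engine_addref() errors, then a flood of identical accept() errors), added here as an example; it is not code from the thread or from ClamAV. The function names, alert labels and flood threshold are assumptions, and the sample lines are the ones quoted in the thread with wrapped lines rejoined.

```python
from collections import Counter
from datetime import datetime

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # timestamp layout seen in the quoted clamd log

# Constructed sample: log lines quoted in the thread, wraps rejoined,
# snipped repeats left out.
SAMPLE_LOG = (
    "Mon May 22 13:04:40 2023 -> Reading databases from /var/lib/clamav/\n"
    "Mon May 22 13:05:01 2023 -> ERROR: reload_th: Database load failed: Malformed database\n"
    "Mon May 22 13:05:02 2023 -> Database reload completed.\n"
    "Mon May 22 13:05:02 2023 -> WARNING: Database reload failed, keeping the previous instance\n"
    "Mon May 22 13:06:30 2023 -> ERROR: cl_engine_addref() failed\n"
    "Mon May 22 13:06:30 2023 -> ERROR: Command dispatch failed\n"
    "Mon May 22 13:06:30 2023 -> ERROR: INSTREAM: Can't write to temporary file.\n"
    "Mon May 22 13:06:46 2023 -> ERROR: cl_engine_addref() failed\n"
    "Mon May 22 13:06:46 2023 -> ERROR: Command dispatch failed\n"
    + "Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files\n" * 32
)


def parse(line):
    """Split one log line into (datetime, message); None for anything else."""
    stamp, sep, msg = line.rstrip("\n").partition(" -> ")
    if not sep:
        return None  # continuation of a wrapped line, or not a clamd log line
    try:
        return datetime.strptime(stamp.strip(), TS_FORMAT), msg.strip()
    except ValueError:
        return None


def analyse(lines, flood_threshold=20):
    """Return (kind, timestamp, detail) alerts in log order.

    reload-failed: a database load failed.
    no-engine:     scan requests fail after that reload failure, i.e. clamd
                   is still accepting connections but is not scanning.
    log-flood:     one message repeated flood_threshold times within the
                   same second (the pattern that filled /var in the thread).
    """
    alerts = []
    reload_failed = False       # a load failed and no new load has started since
    no_engine_reported = False  # report the no-engine state once per failed load
    current_second = None
    repeats = Counter()         # message -> count within current_second
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, msg = parsed
        if ts != current_second:
            current_second = ts
            repeats.clear()
        if msg.startswith("Reading databases from"):
            reload_failed = no_engine_reported = False  # new load attempt
        elif "Database load failed" in msg:
            reload_failed = True
            alerts.append(("reload-failed", ts, msg))
        elif ("cl_engine_addref() failed" in msg
              and reload_failed and not no_engine_reported):
            no_engine_reported = True
            alerts.append(("no-engine", ts, "connections accepted, scans failing"))
        repeats[msg] += 1
        if repeats[msg] == flood_threshold:
            alerts.append(("log-flood", ts, msg))
    return alerts


if __name__ == "__main__":
    for kind, ts, detail in analyse(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {kind}: {detail}")
```

What to do on each alert (page someone, stop routing mail to this clamd, restart it with a known-good database directory) is left to the monitoring system that runs the check.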



Re: [clamav-users] ClamAV Info

2019-05-21 Thread Leonardo Rodrigues


On 21/05/2019 11:37, Christopher Do - IQ-C via clamav-users wrote:

Hi,

I'm looking at endpoint security solutions and was wondering if anyone 
could help me out with this info for ClamAV?




    basically, clamav is not what you're looking for ... it's basically 
a file scanner antivirus, not a resident antivirus, not a memory 
scanning antivirus, nothing of these features you're looking for. clamav 
is not an endpoint antivirus, it's simply a file scanner antivirus.





--


Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it






Re: [clamav-users] ClamAV Info

2019-05-22 Thread Alan Stern
On Tue, 21 May 2019, Leonardo Rodrigues wrote:

> On 21/05/2019 11:37, Christopher Do - IQ-C via clamav-users wrote:
> > Hi,
> >
> > I'm looking at endpoint security solutions and was wondering if anyone 
> > could help me out with this info for ClamAV?
> >
> 
>      basically, clamav is not what you're looking for ... it's basically 
> a file scanner antivirus, not a resident antivirus, not a memory 
> scanning antivirus, nothing of these features you're looking for. clamav 
> is not an endpoint antivirus, it's a simply file scanner antivirus.

In fact, ClamAV is simply a file virus scanner.  It isn't an
"antivirus" at all -- it cannot remove viruses or deactivate them.

Alan Stern




Re: [clamav-users] ClamAV Info

2019-05-22 Thread Christopher Do - IQ-C via clamav-users
It can quarantine files, right?

*Christopher Do*
FAS Cloud Services (FCS)
General Services Administration (GSA)
P: 571-346-8097  E: christopher...@gsa.gov



On Wed, May 22, 2019 at 10:49 AM Alan Stern 
wrote:

> On Tue, 21 May 2019, Leonardo Rodrigues wrote:
>
> > On 21/05/2019 11:37, Christopher Do - IQ-C via clamav-users wrote:
> > > Hi,
> > >
> > > I'm looking at endpoint security solutions and was wondering if anyone
> > > could help me out with this info for ClamAV?
> > >
> >
> >  basically, clamav is not what you're looking for ... it's basically
> > a file scanner antivirus, not a resident antivirus, not a memory
> > scanning antivirus, nothing of these features you're looking for. clamav
> > is not an endpoint antivirus, it's a simply file scanner antivirus.
>
> In fact, ClamAV is simply a file virus scanner.  It isn't an
> "antivirus" at all -- it cannot remove viruses or deactivate them.
>
> Alan Stern


Re: [clamav-users] ClamAV Info

2019-05-22 Thread Matus UHLAR - fantomas

On 22.05.19 10:51, Christopher Do - IQ-C via clamav-users wrote:

It can quarantine files, right?


no, only scan for viruses. other functionalities are left for different
software following basic UNIX logic "do one thing and do it good".


On Wed, May 22, 2019 at 10:49 AM Alan Stern 
wrote:


On Tue, 21 May 2019, Leonardo Rodrigues wrote:

> On 21/05/2019 11:37, Christopher Do - IQ-C via clamav-users wrote:
> > Hi,
> >
> > I'm looking at endpoint security solutions and was wondering if anyone
> > could help me out with this info for ClamAV?
> >
>
>  basically, clamav is not what you're looking for ... it's basically
> a file scanner antivirus, not a resident antivirus, not a memory
> scanning antivirus, nothing of these features you're looking for. clamav
> is not an endpoint antivirus, it's a simply file scanner antivirus.

In fact, ClamAV is simply a file virus scanner.  It isn't an
"antivirus" at all -- it cannot remove viruses or deactivate them.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.



Re: [clamav-users] ClamAV Info

2019-05-22 Thread Joel Esler (jesler) via clamav-users
It can.  --move  will do it.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

From: clamav-users  on behalf of 
Christopher Do - IQ-C via clamav-users 
Reply-To: ClamAV users ML 
Date: Wednesday, May 22, 2019 at 10:52 AM
To: ClamAV users ML 
Cc: Christopher Do - IQ-C 
Subject: Re: [clamav-users] ClamAV Info

It can quarantine files, right?

Christopher Do
FAS Cloud Services (FCS)
General Services Administration (GSA)
P: 571-346-8097  E: christopher...@gsa.gov



On Wed, May 22, 2019 at 10:49 AM Alan Stern <st...@rowland.harvard.edu> wrote:
On Tue, 21 May 2019, Leonardo Rodrigues wrote:

> On 21/05/2019 11:37, Christopher Do - IQ-C via clamav-users wrote:
> > Hi,
> >
> > I'm looking at endpoint security solutions and was wondering if anyone
> > could help me out with this info for ClamAV?
> >
>
>  basically, clamav is not what you're looking for ... it's basically
> a file scanner antivirus, not a resident antivirus, not a memory
> scanning antivirus, nothing of these features you're looking for. clamav
> is not an endpoint antivirus, it's a simply file scanner antivirus.

In fact, ClamAV is simply a file virus scanner.  It isn't an
"antivirus" at all -- it cannot remove viruses or deactivate them.

Alan Stern




Re: [clamav-users] ClamAV CVE's

2019-08-22 Thread Al Varnell via clamav-users
I don't see anything specifying 0.100.3 yet:
<https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav>.

-Al-
ClamXAV user

On Aug 22, 2019, at 14:12, Chris Pollock via clamav-users 
 wrote:
> The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS. Is
> there a list of CVE's that I can reference in a bug report to try and
> get ClamAV updated to the latest version?
> 
> Thank you
> Chris
> 
> -- 
> Chris




Re: [clamav-users] ClamAV CVE's

2019-08-22 Thread Chris Pollock via clamav-users
On Thu, 2019-08-22 at 16:58 -0700, Al Varnell via clamav-users wrote:
> I'm don't see anything specifying 0.100.3 yet: <
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav>.
> 
> -Al-
> ClamXAV user

Thanks Al, maybe I'm reading the listing wrong but these
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787

refer to Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior.
Wouldn't 0.100.3 fit into those parameters? 

> 
> On Aug 22, 2019, at 14:12, Chris Pollock via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> > The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS.
> > Is
> > there a list of CVE's that I can reference in a bug report to try
> > and
> > get ClamAV updated to the latest version?
> > 
> > Thank you
> > Chris
> > 
> > -- 
> > Chris
> 
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:34:56 up 9 days, 10:52, 1 user, load average: 1.03, 0.77, 0.58
Description:Ubuntu 18.04.3 LTS, kernel 5.0.0-25-generic




Re: [clamav-users] ClamAV CVE's

2019-08-22 Thread Al Varnell via clamav-users
Yes, I'm sorry, I was thinking of 0.101.3 when I said that.

-Al-

On Thu, Aug 22, 2019 at 17:37 PM, Chris Pollock via clamav-users wrote:
> On Thu, 2019-08-22 at 16:58 -0700, Al Varnell via clamav-users wrote:
>> I'm don't see anything specifying 0.100.3 yet: <
>> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav 
>> >.
>> 
>> -Al-
>> ClamXAV user
> 
> Thanks Al, maybe I'm reading the listing wrong but these
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798 
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788 
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787 
> 
> 
> refer to Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior.
> Wouldn't 0.100.3 fit into those parameters? 
> 
>> 
>> On Aug 22, 2019, at 14:12, Chris Pollock via clamav-users <
>> clamav-users@lists.clamav.net > wrote:
>>> The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS.
>>> Is
>>> there a list of CVE's that I can reference in a bug report to try
>>> and
>>> get ClamAV updated to the latest version?
>>> 
>>> Thank you
>>> Chris
>>> 
>>> -- 
>>> Chris
>> 






Re: [clamav-users] ClamAV CVE's

2019-08-22 Thread Chris Pollock via clamav-users
On Thu, 2019-08-22 at 17:46 -0700, Al Varnell via clamav-users wrote:
> Yes, I'm sorry, I was thinking of 0.101.3 when I said that.
> 
> -Al-
> 
No problem, so, I can reference these to hopefully get an update built
for 18.04. I'll file a bug report tomorrow some time. 
Thanks Al.

> On Thu, Aug 22, 2019 at 17:37 PM, Chris Pollock via clamav-users
> wrote:
> > On Thu, 2019-08-22 at 16:58 -0700, Al Varnell via clamav-users
> > wrote:
> > > I'm don't see anything specifying 0.100.3 yet: <
> > > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav>.
> > > 
> > > -Al-
> > > ClamXAV user
> > 
> > Thanks Al, maybe I'm reading the listing wrong but these
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787
> > 
> > refer to Clam AntiVirus (ClamAV) Software versions 0.101.1 and
> > prior.
> > Wouldn't 0.100.3 fit into those parameters? 
> > 
> > > On Aug 22, 2019, at 14:12, Chris Pollock via clamav-users <
> > > clamav-users@lists.clamav.net> wrote:
> > > > The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3
> > > > LTS.
> > > > Is
> > > > there a list of CVE's that I can reference in a bug report to
> > > > try
> > > > and
> > > > get ClamAV updated to the latest version?
> > > > 
> > > > Thank you
> > > > Chris
> > > > 
> > > > -- 
> > > > Chris
> > > 
> 
> 
> 
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:52:06 up 9 days, 11:09, 1 user, load average: 1.74, 1.27, 0.98
Description:Ubuntu 18.04.3 LTS, kernel 5.0.0-25-generic





Re: [clamav-users] ClamAV CVE's

2019-08-23 Thread Micah Snyder (micasnyd) via clamav-users
Chris, Al,

I think the CVE description is slightly misleading.  0.100.3 was created at the 
same time as 0.101.2 and addressed each of those:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

However, these issues affect all versions prior to 0.101.4, as we did not 
create a patch for 0.100 this time:
* CVE-2019-12625: zip-bomb scan time issue.
* CVE-2019-12900: bz2 buffer overwrite in NSIS parser's copy of libbz2 
decompression code.

And this issue affects all versions prior to 0.101.3:
* CVE-2019-1010305: libmspack buffer overflow in CHM file parser in bundled 
version of libmspack (if using).

This is still reason enough to update.
As a side note, CVE-2019-12625 is still private though it was supposed to be 
published yesterday.  Will get it opened up as soon as possible. 

-Micah

On 8/22/19, 8:54 PM, "clamav-users on behalf of Chris Pollock via 
clamav-users"  wrote:

On Thu, 2019-08-22 at 17:46 -0700, Al Varnell via clamav-users wrote:
> Yes, I'm sorry, I was thinking of 0.101.3 when I said that.
> 
> -Al-
> 
No problem, so, I can reference these to hopefully get an update built
for 18.04. I'll file a bug report tomorrow some time. 
Thanks Al.

> On Thu, Aug 22, 2019 at 17:37 PM, Chris Pollock via clamav-users
> wrote:
> > On Thu, 2019-08-22 at 16:58 -0700, Al Varnell via clamav-users
> > wrote:
> > > I'm don't see anything specifying 0.100.3 yet: <
> > > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav>.
> > > 
> > > -Al-
> > > ClamXAV user
> > 
> > Thanks Al, maybe I'm reading the listing wrong but these
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787
> > 
> > refer to Clam AntiVirus (ClamAV) Software versions 0.101.1 and
> > prior.
> > Wouldn't 0.100.3 fit into those parameters? 
> > 
> > > On Aug 22, 2019, at 14:12, Chris Pollock via clamav-users <
> > > clamav-users@lists.clamav.net> wrote:
> > > > The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3
> > > > LTS.
> > > > Is
> > > > there a list of CVE's that I can reference in a bug report to
> > > > try
> > > > and
> > > > get ClamAV updated to the latest version?
> > > > 
> > > > Thank you
> > > > Chris
> > > > 
> > > > -- 
> > > > Chris
> > > 
> 
> 
> 
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:52:06 up 9 days, 11:09, 1 user, load average: 1.74, 1.27, 0.98
Description:Ubuntu 18.04.3 LTS, kernel 5.0.0-25-generic






Re: [clamav-users] ClamAV CVE's

2019-08-23 Thread Matus UHLAR - fantomas

On 22.08.19 16:12, Chris Pollock via clamav-users wrote:

The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS. Is
there a list of CVE's that I can reference in a bug report to try and
get ClamAV updated to the latest version?


Debian has this:

https://security-tracker.debian.org/tracker/source-package/clamav
...which currently only links to:
https://security-tracker.debian.org/tracker/CVE-2019-12625

and ubuntu has this:

https://people.canonical.com/~ubuntu-security/cve/pkg/clamav.html
...which currently only links to:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html

I haven't looked what the "needs-triage" means.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759



Re: [clamav-users] ClamAV CVE's

2019-08-23 Thread Chris Pollock via clamav-users
On Fri, 2019-08-23 at 18:47 +0200, Matus UHLAR - fantomas wrote:
> On 22.08.19 16:12, Chris Pollock via clamav-users wrote:
> > The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS.
> > Is
> > there a list of CVE's that I can reference in a bug report to try
> > and
> > get ClamAV updated to the latest version?
> 
> Debian has this:
> 
> https://security-tracker.debian.org/tracker/source-package/clamav
> ...which currently only links to:
> https://security-tracker.debian.org/tracker/CVE-2019-12625
> 
> and ubuntu has this:
> 
> https://people.canonical.com/~ubuntu-security/cve/pkg/clamav.html
> ...which currently only links to:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html
> 
> I haven't looked what the "needs-triage" means.
> 
Hi Matus, I believe this actually relates to the 0.100.3 release.

https://launchpad.net/ubuntu/bionic/+source/clamav

Here's the bug report I did back in March of this year to get the
update done. I'll go in and file a new one this afternoon to see about
getting it updated to the most current release.

https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1822503

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
15:21:54 up 10 days, 6:38, 1 user, load average: 0.97, 0.92, 0.69
Description:Ubuntu 18.04.3 LTS, kernel 5.0.0-25-generic




Re: [clamav-users] ClamAV CVE's

2019-08-24 Thread Matus UHLAR - fantomas

On 22.08.19 16:12, Chris Pollock via clamav-users wrote:
> The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS.
> Is
> there a list of CVE's that I can reference in a bug report to try
> and
> get ClamAV updated to the latest version?



On Fri, 2019-08-23 at 18:47 +0200, Matus UHLAR - fantomas wrote:

Debian has this:

https://security-tracker.debian.org/tracker/source-package/clamav
...which currently only links to:
https://security-tracker.debian.org/tracker/CVE-2019-12625

and ubuntu has this:

https://people.canonical.com/~ubuntu-security/cve/pkg/clamav.html
...which currently only links to:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html


I haven't looked what the "needs-triage" means.


On 23.08.19 15:28, Chris Pollock via clamav-users wrote:

Hi Matus, I believe this actually relates to the 0.100.3 release.

https://launchpad.net/ubuntu/bionic/+source/clamav

Here's the bug report I did back in March of this year to get the
update done. I'll go in and file a new one this afternoon to see about
getting it updated to the most current release.

https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1822503


the first vulnerability mentioned there is CVE-2019-1787.

debian reports it fixed in debian packages:
https://security-tracker.debian.org/tracker/CVE-2019-1787

I believe it's the same for ubuntu packages:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1787

I haven't looked at the rest of vulnerabilities, they may be still present
(e.g. ignored because evaluated as minor or not applicable).

What I want to say is, that whole fact about debian and ubuntu having older
than newest clamav packages does NOT mean that the security bugs are not
fixed there.

What was already mentioned is that distribution packagers do backport fixes
to older versions to prevent incompatibilities introduced by newer packages,
pretty summarised here:

https://lists.clamav.net/pipermail/clamav-users/2019-August/008248.html


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
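
The fix points Micah lists and the backport caveat Matus raises, combined into one check (an added example, not code from this thread or from the ClamAV project). The function names and the Ubuntu-style package string in the usage comment are assumptions; the CVE ids and version numbers are the ones stated in the messages above.

```python
# Added example: which CVEs named in this thread are still open for a given
# upstream ClamAV version, going only by the fix points stated in the thread.
import re

# For each CVE: ({maintenance branch: first fixed release on that branch},
#                first fixed release for every other branch).
FIX_POINTS = {
    "CVE-2019-1787": ({(0, 100): (0, 100, 3)}, (0, 101, 2)),
    "CVE-2019-1788": ({(0, 100): (0, 100, 3)}, (0, 101, 2)),
    "CVE-2019-1798": ({(0, 100): (0, 100, 3)}, (0, 101, 2)),
    "CVE-2019-12625": ({}, (0, 101, 4)),    # no patch was made for 0.100
    "CVE-2019-12900": ({}, (0, 101, 4)),    # no patch was made for 0.100
    "CVE-2019-1010305": ({}, (0, 101, 3)),  # only if bundled libmspack is used
}

# Optional epoch, three numeric components, then any distro suffix.
_VERSION_RE = re.compile(r"^(?:\d+:)?(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_version(text):
    """Return ((major, minor, patch), has_distro_suffix)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError("not a ClamAV x.y.z version: %r" % text)
    upstream = tuple(int(match.group(i)) for i in (1, 2, 3))
    return upstream, bool(match.group(4))


def naive_listing_match(upstream):
    """Literal reading of '0.101.1 and prior' from the CVE listing."""
    return upstream <= (0, 101, 1)


def open_by_version(upstream):
    """CVEs not fixed in this upstream release, honouring per-branch fixes."""
    branch = upstream[:2]
    still_open = []
    for cve, (branch_fixes, mainline_fix) in FIX_POINTS.items():
        fixed_in = branch_fixes.get(branch, mainline_fix)
        if upstream < fixed_in:
            still_open.append(cve)
    return still_open


def assess(package_version):
    upstream, has_suffix = parse_version(package_version)
    return {
        "upstream": ".".join(str(part) for part in upstream),
        "open_by_version": open_by_version(upstream),
        # A distro suffix means fixes may have been backported without the
        # upstream number changing, so the list above is only an upper bound
        # and the distro security tracker has the final word.
        "check_distro_tracker": has_suffix,
    }


if __name__ == "__main__":
    # Constructed package string in Ubuntu's style, for illustration only.
    print(assess("0.100.3+dfsg-0ubuntu0.18.04.1"))
```

For 0.100.3 the literal "0.101.1 and prior" reading matches, yet the three CVEs it refers to are the ones that release fixed; the branch-aware lookup reports only the later three.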



Re: [clamav-users] ClamAV users

2020-04-10 Thread Micah Snyder (micasnyd) via clamav-users
Stephen,

You will have to manually unsubscribe, here: 
https://lists.clamav.net/mailman/listinfo/clamav-users

-Micah

From: clamav-users  on behalf of Stephen 
Baron via clamav-users 
Reply-To: ClamAV users ML 
Date: Friday, April 10, 2020 at 3:57 PM
To: "clamav-users@lists.clamav.net" 
Cc: Stephen Baron 
Subject: [clamav-users] ClamAV users

Please take me off the list. I am not a ClamAV user.

Thank you.

Get Outlook for Android



Re: [clamav-users] ClamAV users

2020-04-10 Thread Dan Fiore via clamav-users
UNSUBSCRIBE 

Thank you. 

Dan Fiore
(410) 936-0848

> On Apr 10, 2020, at 4:01 PM, Micah Snyder (micasnyd) via clamav-users 
>  wrote:
> 
> 
> Stephen,
>  
> You will have to manually unsubscribe, here: 
> https://lists.clamav.net/mailman/listinfo/clamav-users
>  
> -Micah
>  
> From: clamav-users  on behalf of 
> Stephen Baron via clamav-users 
> Reply-To: ClamAV users ML 
> Date: Friday, April 10, 2020 at 3:57 PM
> To: "clamav-users@lists.clamav.net" 
> Cc: Stephen Baron 
> Subject: [clamav-users] ClamAV users
>  
> Please take me off the list. I am not a ClamAV user. 
>  
> Thank you. 
>  
> Get Outlook for Android
> 


Re: [clamav-users] ClamAV users

2020-04-11 Thread Al Varnell via clamav-users
Dan,

Did you even read what Micah wrote? You have to do it yourself at the site he 
showed and it’s also at the bottom of every message you have ever received from 
this list.

Sent from my iPad

-Al-

> On Apr 10, 2020, at 13:33, Dan Fiore via clamav-users 
>  wrote:
> 
> UNSUBSCRIBE 
> 
> Thank you. 
> 
> Dan Fiore
> (410) 936-0848
> 
>>> On Apr 10, 2020, at 4:01 PM, Micah Snyder (micasnyd) via clamav-users 
>>>  wrote:
>>> 
>> 
>> Stephen,
>>  
>> You will have to manually unsubscribe, here: 
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>  
>> -Micah
>>  
>> From: clamav-users  on behalf of 
>> Stephen Baron via clamav-users 
>> Reply-To: ClamAV users ML 
>> Date: Friday, April 10, 2020 at 3:57 PM
>> To: "clamav-users@lists.clamav.net" 
>> Cc: Stephen Baron 
>> Subject: [clamav-users] ClamAV users
>>  
>> Please take me off the list. I am not a ClamAV user. 
>>  
>> Thank you. 
>>  
>> Get Outlook for Android
>> 


Re: [clamav-users] ClamAV users

2020-04-11 Thread Joel Esler (jesler) via clamav-users
Thank you for writing in.

Go to this URL to change user options or unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

or by sending an email to clamav-users-le...@lists.clamav.net

Thanks!

Sent from my  iPhone

> On Apr 10, 2020, at 15:58, Stephen Baron via clamav-users 
>  wrote:
> 
> 
> Please take me off the list. I am not a ClamAV user. 
> 
> Thank you. 
> 
> Get Outlook for Android
> 


Re: [clamav-users] ClamAV Features

2020-04-29 Thread G.W. Haywood via clamav-users

Hi there,

On Wed, 29 Apr 2020, Sayanora V via clamav-users wrote:


I would like to understand if any of the following features supported by
ClamAV?

1.   Behavior-based Protection


If you mean "Does ClamAV look at running processes?", then no, it does
not do that.  It normally looks at something which would eventually be
stored in a file, even if at the time it is not so stored (for example
data can be fed to the scanner over a socket connection during a mail
server's conversation with a client, and, if the server decides not to
accept the message, then the data may never be saved to a file).


2.   Heuristic scan


Perhaps yes, although it depends on what you mean by heuristics; see

https://www.clamav.net/documents/libclamav


3.   Script based checks for file


Yes, of course you can write scripts which use ClamAV executables and
libraries; if this answer seems vague please clarify your question.


4.   Script based checks for traffic


ClamAV does not normally inspect network traffic directly, but because
it makes available numerous tools you could (for example) devise a way
to feed network traffic to a clamd daemon.  The name of the ClamAV
'safebrowsing' feature may be misleading.  This is intended _only_ to
detect URIs in email which point to malicious or compromised sites, it
does not for example monitor Web traffic in real time.  There are some
initiatives which do attempt that, you will need to search for them.
The archives for this mailing list may be helpful.


Appreciate your inputs on alternate features to mitigate the above
functionalities(if any).


There is much more information at

https://www.clamav.net/documents


Thank you very music in advance!


(s/music/much/;)

--

73,
Ged.
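
One way to feed data to a clamd daemon over a socket, as the reply above describes (an added example, not code from this thread or from the ClamAV project). It uses clamd's INSTREAM command; the function names, chunk size, host and port are assumptions.

```python
# Added example: minimal clamd INSTREAM client (framing, send, verdict parsing).
import socket
import struct

CHUNK_SIZE = 8192  # assumption: any size below clamd's StreamMaxLength works


def frame_instream(data, chunk_size=CHUNK_SIZE):
    """Return the exact bytes sent for one scan: command, chunks, terminator."""
    parts = [b"zINSTREAM\0"]  # 'z' prefix: command and reply are NUL-terminated
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        # Each chunk is preceded by its length as a 4-byte big-endian integer.
        parts.append(struct.pack("!I", len(chunk)) + chunk)
    parts.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(parts)


def parse_reply(raw):
    """Map a clamd reply to (status, detail)."""
    text = raw.rstrip(b"\0\r\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # e.g. "stream: Some.Signature.Name FOUND"
        return "FOUND", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "OK", None
    # Anything else (size limit exceeded, unknown command, empty reply) is
    # reported as a failure so the caller never mistakes it for "clean".
    return "ERROR", text


def scan_over_socket(sock, data):
    """Send data over an already connected socket and return the verdict."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # clamd closed the connection
            break
        reply += part
    return parse_reply(reply)


def scan_bytes(data, host="127.0.0.1", port=3310, timeout=10.0):
    """Assumption: clamd listens on TCP host:port (TCPSocket in clamd.conf)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return scan_over_socket(sock, data)
```

A mail server using this as an accept/reject gate should treat `ERROR` the same as `FOUND` or defer the message, since an oversized stream is rejected by clamd rather than scanned.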



Re: [clamav-users] Clamav signature

2020-09-17 Thread Alain Zidouemba
It means that you are using ClamAV version 0.102, with the main.cvd
signature file version 59, and the daily.cvd signature file version 25920.

-Alain

On Thu, Sep 17, 2020 at 1:12 PM Jeff Koch 
wrote:

>
> HI
>
> Looking through our scanning logs we see what appears to be a signature
> that looks like this
>
> clamav: 0.102.4/m:59/d:25920
>
> '0.102.4' refers to the clamav version but what does the rest mean -
> m:59/d:25920 ?
>
> Thanks, Jeff
>


Re: [clamav-users] Clamav signature

2020-09-17 Thread Arjen de Korte via clamav-users

Quoting Jeff Koch:


HI

Looking through our scanning logs we see what appears to be a  
signature that looks like this


clamav: 0.102.4/m:59/d:25920

'0.102.4' refers to the clamav version but what does the rest mean -  
m:59/d:25920 ?


If you look at the freshclam logs, the pattern is fairly obvious:

sep 17 18:45:42 mail freshclam[65271]: daily.cld database is up to date (version: 25931, sigs: 4319278, f-level: 63, builder: raynman)
sep 17 18:45:42 mail freshclam[65271]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
sep 17 18:45:42 mail freshclam[65271]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)






Re: [clamav-users] Clamav signature

2020-09-17 Thread Jeff Koch

Thanks.

The freshclam logs show daily.cvd signature file version 25930 is 
installed but simscan: clamscan currently shows version 25920 being 
used. How do I get clamscan to use the latest version downloaded?


version 25920 appears to be from September 4th.

Jeff

On 9/17/2020 1:31 PM, Alain Zidouemba wrote:
It means that you are using ClamAV version 0.102, with the main.cvd 
signature file version 59, and the daily.cvd signature file version 
25920.


-Alain

On Thu, Sep 17, 2020 at 1:12 PM Jeff Koch wrote:



HI

Looking through our scanning logs we see what appears to be a
signature that looks like this

clamav: 0.102.4/m:59/d:25920

'0.102.4' refers to the clamav version but what does the rest mean
- m:59/d:25920 ?

Thanks, Jeff



Re: [clamav-users] Clamav signature

2020-09-17 Thread Arjen de Korte via clamav-users

Quoting Jeff Koch:


Thanks.

The freshclam logs show daily.cvd signature file version 25930 is  
installed but simscan: clamscan currently shows version 25920 being  
used. How do I get clamscan to use the latest version downloaded?


Could be a different location is configured where freshclam updates  
the database and where clamd is looking for it:


# grep DatabaseDirectory /etc/clamd.conf /etc/freshclam.conf
/etc/clamd.conf:#DatabaseDirectory /var/lib/clamav
/etc/freshclam.conf:#DatabaseDirectory /var/lib/clamav

Here the built-in defaults are used for both and they are the same. It
could be yours differ. Typically, clamd will check this directory  
every 10 minutes, so even if the signal from freshclam that a new  
database is available, clamd should be running the latest one shortly  
after download.







Re: [clamav-users] Clamav signature

2020-09-17 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 17 Sep 2020, Jeff Koch wrote:

The freshclam logs show daily.cvd signature file version 25930 is installed 
but simscan: clamscan currently shows version 25920 being used. How do I get 
clamscan to use the latest version downloaded?


First take a look through the output of 'clamconf', it might shed some light.

--

73,
Ged.



Re: [clamav-users] Clamav signature

2020-09-17 Thread Jeff Koch

Hi

It appears clamscan is using the latest signature database. We needed to 
run 'qmailctl cdb' to update the signatures being included in logs and 
email headers. Once that was done the signature file version 25931 was 
reported. Seems strange that the clamscan logs needed to get that 
information from qmail's simversions.cdb file.


I ran 'clamconf' - it reports the

Database information

Database directory: /var/lib/clamav
daily.cld: version 25931, sigs: 4319278, built on Thu Sep 17 09:53:56 2020
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 12:12:33 2019
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 08:56:15 2019
Total number of signatures: 8884274

Thanks, Jeff

On 9/17/2020 6:21 PM, G.W. Haywood via clamav-users wrote:

Hi there,

On Thu, 17 Sep 2020, Jeff Koch wrote:

The freshclam logs show daily.cvd signature file version 25930 is 
installed but simscan: clamscan currently shows version 25920 being 
used. How do I get clamscan to use the latest version downloaded?


First take a look through the output of 'clamconf', it might shed some 
light.







Re: [clamav-users] Clamav signature

2020-09-18 Thread iulian stan via clamav-users
Dear Jeff, 


I don't know what 'qmailctl cdb' is doing in your Linux (since qmail is
over-patched nowadays) but I believe it is touching ONLY the qmail tcprules.
This means simscan cdbs are not generated/updated when it is needed.

Basically for simscan you need to run: 


/var/qmail/bin/simscanmk (path might be diff) to generate simcontrol.cdb
which basically contains: if clamav is used, if spamassassin is used,
which files you don't accept, etc 

AND 


/var/qmail/bin/simscanmk -g (path might be diff) will generate the
simversions.cdb which contains the versions of clamav and spamassassin. 

Long story short, you most probably forgot to run simscanmk -g . 


PS: I love qmail, it is quite simple, good security, but unfortunately it is
quite difficult to maintain a very good email server with it today. You
are missing a lot of functionalities (or you need to be very creative
about which patch you apply, in which stage). Unfortunately, from my
point of view its simplicity is now a headache. Please consider using a
more up-to-date MTA (exim, postfix). Just think about it.


PPS: sorry for my deviation from the subject :) I know we are on clamav
mailing-list :) 


---
Best regards,
Iulian Stan 


On 2020-09-18 05:50, Jeff Koch wrote:

Hi 


It appears clamscan is using the latest signature database. We needed to run 
'qmailctl cdb' to update the signatures being included in logs and email 
headers. Once that was done the signature file version 25931 was reported. 
Seems strange that the clamscan logs needed to get that information from 
qmail's simversions.cdb file.

I ran 'clamconf' - it reports the 


Database information

Database directory: /var/lib/clamav
daily.cld: version 25931, sigs: 4319278, built on Thu Sep 17 09:53:56 2020
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 12:12:33 2019
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 08:56:15 2019
Total number of signatures: 8884274

Thanks, Jeff

On 9/17/2020 6:21 PM, G.W. Haywood via clamav-users wrote:

Hi there,

On Thu, 17 Sep 2020, Jeff Koch wrote:

The freshclam logs show daily.cvd signature file version 25930 is
installed but simscan: clamscan currently shows version 25920 being
used. How do I get clamscan to use the latest version downloaded?

First take a look through the output of 'clamconf', it might shed some light.
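
Added example, not part of any message in this thread: a short Python check that parses the 'Database information' block of clamconf output as quoted above and compares the on-disk daily version with the version a log line or mail header reports, which is the mismatch discussed here. The function names, the two-day age threshold and the way the reported version is passed in are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the "Database information" lines quoted in the thread.
CLAMCONF_SAMPLE = """\
Database directory: /var/lib/clamav
daily.cld: version 25931, sigs: 4319278, built on Thu Sep 17 09:53:56 2020
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 12:12:33 2019
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 08:56:15 2019
Total number of signatures: 8884274
"""

DB_LINE = re.compile(
    r"^(?P<name>\w+)\.(?P<ext>cvd|cld): version (?P<version>\d+), "
    r"sigs: (?P<sigs>\d+), built on (?P<built>.+)$"
)
TOTAL_LINE = re.compile(r"^Total number of signatures: (?P<total>\d+)$")


def parse_database_info(text):
    """Return ({database name: details}, total signature count or None)."""
    dbs, total = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DB_LINE.match(line)
        if m:
            dbs[m["name"]] = {
                "file": m["name"] + "." + m["ext"],
                "version": int(m["version"]),
                "sigs": int(m["sigs"]),
                "built": datetime.strptime(m["built"], "%a %b %d %H:%M:%S %Y"),
            }
            continue
        m = TOTAL_LINE.match(line)
        if m:
            total = int(m["total"])
    return dbs, total


def audit(text, reported_daily, now, max_age=timedelta(days=2)):
    """Compare what clamconf sees on disk with the version reported elsewhere."""
    dbs, total = parse_database_info(text)
    daily = dbs.get("daily")
    if daily is None:
        return ["no daily database listed: check the database directory"]
    findings = []
    if reported_daily < daily["version"]:
        findings.append(
            f"reported daily {reported_daily} lags on-disk {daily['version']}: "
            "stale version cache, or a scanner that has not reloaded"
        )
    elif reported_daily > daily["version"]:
        findings.append(
            f"reported daily {reported_daily} is newer than on-disk "
            f"{daily['version']}: clamconf is reading another database directory"
        )
    age = now - daily["built"]
    if age > max_age:
        findings.append(f"{daily['file']} was built {age.days} days ago: check freshclam")
    if total is not None and total != sum(d["sigs"] for d in dbs.values()):
        findings.append("per-database signature counts do not add up to the total")
    return findings


if __name__ == "__main__":
    # 25920 is the version the thread says simscan was still reporting.
    for finding in audit(CLAMCONF_SAMPLE, 25920, datetime(2020, 9, 18, 5, 50)):
        print(finding)
```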




Re: [clamav-users] clamav performance

2020-09-24 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 24 Sep 2020, Zayan abdul shukoor via clamav-users wrote:


Most of the performance runs that we tried with clamav resulted in scan
times of 2-3 times size of the file.


It seems like you are saying that if you scan a 1kbyte file it takes
2,000 to 3,000 seconds.  That seems unlikely.  I tend to measure scan
times in seconds, and file sizes in bytes.  If I multiply a number of
bytes by 2, or by 3, I have a number which is still a number of bytes,
not a number which is a number of seconds.


The files are primarily zip files which contains xml and txt files.


Do you have specific threats in mind?  Do you have reason to believe
that ClamAV will detect them in your specific circumstances?  Have you
tested the scanner against threat samples?  How?  What have you found?


Is there any benchmarking or performance statistics available on scan times.


You will find a few mentions in the mailing list archives, but your
question is so vague that it is difficult to answer.


What options are available to speed up the scan times?


That very much depends on what you've done already, but you haven't
given any useful information about your hardware and you haven't said
anything about the sizes of the files you want to scan.  What system
are you using to scan the files?  Roughly how big are they in bytes?
How are you scanning them?  Have you read about the different ways of
using ClamAV to perform scans?

Think about the issues.  Measure things that seem relevant, but use
sane units when you note the measurements and then post them here so
we can see if they look reasonable.  If all else fails you could spend
some money on hardware and perhaps consultancy.


Is there any recommended settings based on server cpu and memory?


Your questions all seem to be variations on the same theme, which is
"How long is a piece of string?"

You didn't mention your hardware, operating system, other processes
which may be running, mass storage, file system, network performance,
cooling, ... all sorts of things can have a bearing on performance.

I use a Pi4B with 4GBytes of RAM running Raspbian Linux as a dedicated
server to run clamd.  It does a few other odd jobs but nothing heavy.
Usually I run one clamd daemon on it, but sometimes two or even three.
The clamd daemons are only used to scan mail, the mail is processed on
a separate server and sent to the Pi4B using TCP on a 1Gbit/s network.
The processors very rarely reach temperatures at which they throttle.
The main ClamAV database is on a remote mount NFS drive but temporary
files are kept on a local USB-attached SATA drive.

For every message scanned, the mail server measures the time it takes
between sending the message and receiving a response from the scanner.
Typical scan rates for mail messages of sizes of a few kbytes to tens
of kBytes are in the range 10 to 100 kBytes/sec -- in other words, it
takes a fraction of a second to scan a typical mail message.  That's
over a hundred times faster than needed to keep up with our mail load.

Can you give us concrete information like that?  Then can you tell us
if you are happy with the numbers, and if not, why not, and what sort
of numbers you _would_ be happy with?  Without something like that to
go on we're only going to be able to guess, which isn't very useful.

Most of the time I really don't care about the scan rates, I'm much
more interested in the detection rates.  You can find comments about
that in many other posts to this list if you search the archives.  If
you can tell us what sort of detection rates you'd be comfortable with
we might have suggestions to make about that too.

--

73,
Ged.



Re: [clamav-users] ClamAv help

2020-12-31 Thread Joel Esler (jesler) via clamav-users
What would you like to do other than what you have done?  Seems like you were 
able to cover the basics.  

Sent from my iPhone

> On Dec 31, 2020, at 15:47, Jay A. Schoon via clamav-users 
>  wrote:
> 
> Hello:
> 
> I have installed ClamAV on a Mac running Mojave 10.14.6. I have successfully 
> updated the package by running freshclam and run a scan. I have read the 
> manual and a number of sites’ help for ClamAV. While I believe I have also 
> installed clamd I have not been able to run a scan in multiprocessor mode and 
> I’m sure there are gaps in my install and execution knowledge. Any help I 
> could receive would be great. 
> 
> Thanks in advance,
> JS
> 


Re: [clamav-users] ClamAv help

2020-12-31 Thread Jay A. Schoon via clamav-users
Joel:

Thanks so much for responding. As of now I can only run on-demand single 
processor scans.

Here are the things I would like to do:

- Run scans that utilize multiprocessors (I believe I do have clamd installed, 
I just don’t know how to use it)
- Schedule virus scans (I assume this can be done through a Bash script with 
Automator)
- Stipulate which volumes and directories to scan/exempt
- Choose to quarantine infected items
- Auto-scan files on access

There is probably more but that’s the lion’s share of what I’d like. Thanks for 
responding.

Happy New Year!

JS

> On Dec 31, 2020, at 4:39 PM, Joel Esler (jesler)  wrote:
>
> What would you like to do other than what you have done? Seems like you were 
> able to cover the basics.
>
> Sent from my iPhone
>
>> On Dec 31, 2020, at 15:47, Jay A. Schoon via clamav-users 
>>  wrote:
>
>> Hello:
>>
>> I have installed ClamAV on a Mac running Mojave 10.14.6. I have successfully 
>> updated the package by running freshclam and run a scan. I have read the 
>> manual and a number of sites’ help for ClamAV. While I believe I have also 
>> installed clamd I have not been able to run a scan in multiprocessor mode 
>> and I’m sure there are gaps in my install and execution knowledge. Any help 
>> I could receive would be great.
>>
>> Thanks in advance,
>> JS


Re: [clamav-users] ClamAv help

2020-12-31 Thread Eric Tykwinski
Jay,

MacOS isn’t the optimum, but you can do most of what you want with third party 
software.
So first of all clamdscan is single process and runs linearly for each 
clamdscan you run.

Scheduling is fine and works great, I usually run clamscan for those as I know 
it will run with its own process.

Exceptions are made in their clamd.conf or command line for clamscan.
Where to quarantine is also made at the above.

AutoScanning requires a third party application as BSD doesn’t support 
clamonacc, so I would recommend fswatch:
https://github.com/emcrisostomo/fswatch 


So depending on your use case, I personally use a clamdscan plist for each user 
which launches fswatch to run a clamdscan on each user's access to a file on 
login.
You can also schedule a clamscan for specific directories to the whole server 
on a crontab.

My biggest hurdle which I couldn’t figure out was how to notify users when a 
suspect file was quarantined, as macOS has limitations on who can call the 
Notification library, but nothing to do with ClamAV.

My workaround was just writing to file in the Documents directory, which 
also Quarantined to a ~/Documents/Quarantine/ directory so if a file simply 
went missing I would know where it was from and where it went to.

P.S.  Have a good new year everyone...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Dec 31, 2020, at 6:52 PM, Jay A. Schoon via clamav-users 
>  wrote:
> 
> Joel:
> 
> Thanks so much for responding. As of now I can only run on-demand single 
> processor scans. 
> 
> Here are the things I would like to do:
> 
> - Run scans that utilize multiprocessors (I believe I do have clamd installed, 
>   I just don’t know how to use it)
> - Schedule virus scans (I assume this can be done through a Bash script with 
>   Automator)
> - Stipulate which volumes and directories to scan/exempt
> - Choose to quarantine infected items
> - Auto-scan files on access
> 
> There is probably more but that’s the lion’s share of what I’d like. Thanks 
> for responding.
> 
> Happy New Year!
> 
> JS
> 
> 
>> On Dec 31, 2020, at 4:39 PM, Joel Esler (jesler) wrote:
>> 
>> What would you like to do other than what you have done?  Seems like you 
>> were able to cover the basics.  
>> 
>> Sent from my iPhone
>> 
>>> On Dec 31, 2020, at 15:47, Jay A. Schoon via clamav-users 
>>> <clamav-users@lists.clamav.net> wrote:
>>> 
>>> Hello:
>>> 
>>> I have installed ClamAV on a Mac running Mojave 10.14.6. I have 
>>> successfully updated the package by running freshclam and run a scan. I 
>>> have read the manual and a number of sites’ help for ClamAV. While I 
>>> believe I have also installed clamd I have not been able to run a scan in 
>>> multiprocessor mode and I’m sure there are gaps in my install and execution 
>>> knowledge. Any help I could receive would be great. 
>>> 
>>> Thanks in advance,
>>> JS
>>> 


Re: [clamav-users] ClamAv help

2020-12-31 Thread Al Varnell via clamav-users
Jay,

You might want to take a look at ClamXAV which will give you a GUI interface 
enabling you to do most, if not all of what you are attempting, as well as 
provide some additional features and protections over and above what ClamAV can 
do: . It does require a paid subscription after a 
fully operational trial period.

Sent from my iPad

-Al-

On Dec 31, 2020, at 12:46, Jay A. Schoon via clamav-users 
 wrote:
> Hello:
> 
> I have installed ClamAV on a Mac running Mojave 10.14.6. I have successfully 
> updated the package by running freshclam and run a scan. I have read the 
> manual and a number of sites’ help for ClamAV. While I believe I have also 
> installed clamd I have not been able to run a scan in multiprocessor mode and 
> I’m sure there are gaps in my install and execution knowledge. Any help I 
> could receive would be great. 
> 
> Thanks in advance,
> JS



Re: [clamav-users] ClamAv help

2021-01-01 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 31 Dec 2020, Jay A. Schoon via clamav-users wrote:


...
Here are the things I would like to do:

- Run scans that utilize multiprocessors (I believe I do have clamd
installed, I just don’t know how to use it)


The clamd daemon can run multiple threads/cores, but using clamd and
using multiple cores are completely different things and have more or
less nothing to do with each other.  You can for example run multiple
instances of clamscan, but whether you will realize the performance
improvement you might hope for will depend on factors such as storage
seek times, throughput rates and a host of other things too.

Experiment a little to see if you can get any worth-while improvements
with some simple tests, and while you wait for the results think about
what you're doing (and indeed whether it makes sense) rather than how
you're doing it.  Get your computer to work smarter, not harder.

Now I'm going to simplify a bit, and later on mention some 'if's.

1. The clamd daemon.

The 'd' in 'clamd' is a not-especially-standard way to tell you that
clamd is what's called a 'daemon'.  This means that when you start the
process, it doesn't interact with you through the terminal in the way
that other processes do.  For example, after you start your editor, or
word processor or spreadsheet or mail client, they will generally wait
for some input from your keyboard and/or mouse, and then act on it.

A daemon doesn't work that way.  For a daemon, the way the software is
written is a little different, in that even if you start it from your
terminal (using the 'shell') it will 'detach' from the terminal, so it
no longer listens to that connection, and therefore no longer listens
to you.  Unlike when you start an 'interactive' program like an editor
where you type a command to start the editor and the next things typed
are editor commands, when you start a daemon you will usually see the
shell command prompt come back on the screen because you're talking to
the shell again - not the daemon.  For interactive programs, when the
shell prompt comes back it means that the process has terminated.  The
process that you started has stopped.  Maybe you stopped it e.g. using
a Quit command, maybe it even crashed.  If you type 'emacs' at a shell
prompt, you run the editor to edit something then exit the editor; the
editor process is no longer running and you get the shell prompt back.

For a daemon it's different.  The process has started, and it's given
your terminal input and output back to the shell but continues to run.
For clamd that's all there is to it.  By itself, it won't do anything
at all.  It will just sit there, consuming resources until you tell it
to do something somehow.  Something other than terminal input tells it
what to do.

When running as a daemon the clamd process waits for instructions but
it doesn't get its instructions from your keyboard or your mouse.  It
gets them from a 'socket'.  It 'opens' the socket and 'listens' to it.
You can send instructions to clamd through the socket in several ways,
for example you can use the 'clamdscan' command - that's the simplest
way to use clamd.  The clamdscan command interprets what you tell it
on its command line (the clamdscan command line) and communicates with
clamd over the socket on which clamd is listening to tell it what you
have asked it to do.  So clamd does the scanning, not clamdscan.  The
other ways to use the clamd daemon involve progressively more complex
setups which you aren't yet ready for.  Be aware that starting clamd
can take "a while" because it has to read and compile on the order of
ten million lines from its database files.  If you add any third-party
databases to your database directory, it can be even more than that.
Depending on system performance, "a while" can be a few seconds to a
few minutes.  During the time it's starting up, clamd won't be able to
scan anything.  When it has loaded the ClamAV 'official' database, it
will be using around a gigabyte of memory.  More signatures, more RAM.
When it reloads the databases it will (temporarily) use about twice as
much RAM (by default - there's an option to make it behave like at the
first start, where it will use less memory but it won't scan while it
reloads the databases).

2. Scanning commands.

Note that there are two commands with similar names.  The 'clamdscan'
command uses the clamd daemon and won't work if clamd isn't running.
The 'clamscan' command doesn't use clamd at all.  So one way to tell
if you have clamd running, and a lot of other things properly set up
(such as configuring clamd and clamdscan to use the same socket!) is
simply to try to scan something using clamdscan.  If it can't connect
to the daemon it will tell you so.  That might mean either that clamd
isn't running or that the communications between clamdscan and clamd
aren't working.  If you look at the list of processes which are running
on the computer, you should be able to see clamd in the list if

Re: [clamav-users] ClamAv help

2021-01-02 Thread Jay A. Schoon via clamav-users
All:

Wow, Joel, Eric, Al, GED- thanks so much for the great material. I really 
appreciate it. I have learned a lot about clamav and have come to the 
conclusion that perhaps I should take a step back and mention the problem I am 
trying to solve and ask for thoughts on how to solve this. 

I am a fairly new Mac desktop user with limited experience in scripting and 
scheduling. I have been running commercial anti-virus to fend off possible 
malware, but have recently had bad experiences with two commercial products, 
particularly with regard to privacy. I am a believer in the value of 
open-source software and thought I would investigate such alternatives- hence, 
ClamAV. I am not against the idea of research and investigation, but I’m not 
able to find a single source of record that was clearly able to help me 
understand how to use ClamAV as a simple desktop solution to replace some of 
the functionality I mentioned previously, particularly scheduling and on-access 
scanning. Also, until today I didn’t have a really clear explanation of the 
differences between clam and clamd (thanks GED). 

I was looking to replace this anti-virus functionality with ClamAV and other 
add-on software to perform these base anti-virus tasks. The process has been 
“two steps forward, one back” in a lot of ways because I didn’t have background 
using lists or IRC. Learning these will be useful down the road. I thought that 
my case can’t be unique and that there would likely be other Mac desktop users 
doing the same thing who might know of required artifacts that could steer me 
in the right direction. I have planned investigating a simple consulting 
session if I could find someone to fill in the gaps.

That said, I’m really happy to have received the information you all have 
provided. Any thoughts you may have are greatly appreciated.

Thanks,
JS
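
Added example, not part of any message in this thread: the clamd socket exchange described in the explanation of clamd and clamdscan above, written as a small Python client (PING, VERSION, INSTREAM) with a constructed stand-in for the daemon side so that it runs without ClamAV installed. The class and function names, the marker string and the stand-in's replies are assumptions of this example; against a real daemon, pass the socket path set as LocalSocket in clamd.conf.

```python
import socket
import struct
import threading


class ClamdClient:
    """Minimal client for clamd's local socket; one command per connection."""

    def __init__(self, socket_path, timeout=30.0):
        self.socket_path = socket_path
        self.timeout = timeout

    def _connect(self):
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(self.timeout)
        sock.connect(self.socket_path)  # raises OSError if nothing is listening
        return sock

    @staticmethod
    def _reply(sock):
        # Commands sent with a 'z' prefix are NUL-terminated, and so are replies.
        buf = bytearray()
        while not buf.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            buf += part
        return bytes(buf).rstrip(b"\0").decode("utf-8", "replace")

    def command(self, name):
        with self._connect() as sock:
            sock.sendall(b"z" + name.encode("ascii") + b"\0")
            return self._reply(sock)

    def ping(self):
        return self.command("PING") == "PONG"

    def loaded_daily_version(self):
        # Reply shape: "ClamAV <engine>/<daily version>/<build date>".
        fields = self.command("VERSION").split("/")
        return int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else None

    def scan_bytes(self, data, chunk_size=8192):
        """INSTREAM: 4-byte big-endian length before each chunk, zero length ends."""
        with self._connect() as sock:
            sock.sendall(b"zINSTREAM\0")
            for i in range(0, len(data), chunk_size):
                chunk = data[i:i + chunk_size]
                sock.sendall(struct.pack("!I", len(chunk)) + chunk)
            sock.sendall(struct.pack("!I", 0))
            verdict = self._reply(sock).split(": ", 1)[-1]
        if verdict == "OK":
            return ("clean", None)
        if verdict.endswith(" FOUND"):
            return ("found", verdict[: -len(" FOUND")])
        return ("error", verdict)


def start_stand_in_clamd(socket_path, marker=b"CONSTRUCTED-MARKER"):
    """Constructed stand-in for the daemon side, so the exchange runs without ClamAV."""
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(socket_path)
    server.listen(4)

    def handle(conn, rfile):
        cmd = b""
        while not cmd.endswith(b"\0"):
            byte = rfile.read(1)
            if not byte:
                return  # client went away before finishing the command
            cmd += byte
        if cmd == b"zPING\0":
            conn.sendall(b"PONG\0")
        elif cmd == b"zVERSION\0":  # constructed reply, numbers reused from the thread
            conn.sendall(b"ClamAV 0.103.2/25931/Thu Sep 17 09:53:56 2020\0")
        elif cmd == b"zINSTREAM\0":
            body = b""
            while True:
                (size,) = struct.unpack("!I", rfile.read(4))
                if size == 0:
                    break
                body += rfile.read(size)
            hit = marker in body
            conn.sendall(b"stream: Constructed.Marker FOUND\0" if hit else b"stream: OK\0")

    def serve():
        while True:
            conn, _ = server.accept()
            with conn, conn.makefile("rb") as rfile:
                try:
                    handle(conn, rfile)
                except (struct.error, OSError):
                    pass  # malformed or aborted exchange; keep serving

    threading.Thread(target=serve, daemon=True).start()
    return server
```

The connect step is where a client fails when clamd is not running or the two sides are configured with different sockets, and the daily version in the VERSION reply is the one the daemon has actually loaded.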






Re: [clamav-users] clamav error

2021-06-16 Thread Gary R. Schmidt

On 17/06/2021 13:30, Jigar via clamav-users wrote:

Hello,

Suddenly, we are getting the following error in clamd.log file

Thu Jun 17 08:52:49 2021 ->
/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
Can't create new file ERROR
Thu Jun 17 08:52:49 2021 ->
/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
Can't open file or directory ERROR

We have checked up all the permission and ownership. There is no change in it.

We still have the old version of clamav - 0.99 on our mail server. We
are in the process of upgrading with a new server. Meanwhile, we need
to run the
server without any issue. We request kind help.

Have you checked that whatever file system contains 
"/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not 
run out of space?


Cheers,
Gary B-)



Re: [clamav-users] clamav error

2021-06-16 Thread Jigar via clamav-users
Hello,
Following is disk space status. It appears no issue with disk space.

/dev/sda3        75G   50G   22G  71% /

With Regards

Jigar Raval



On Thu, Jun 17, 2021 at 9:06 AM Gary R. Schmidt  wrote:
>
> On 17/06/2021 13:30, Jigar via clamav-users wrote:
> > Hello,
> >
> > Suddenly, we are getting the following error in clamd.log file
> >
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> > Can't create new file ERROR
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> > Can't open file or directory ERROR
> >
> > We have checked up all the permission and ownership. There is no change in 
> > it.
> >
> > We still have the old version of clamav - 0.99 on our mail server. We
> > are in the process of upgrading with a new server. Meanwhile, we need
> > to run the
> > server without any issue. We request kind help.
> >
> Have you checked that whatever file system contains
> "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not
> run out of space?
>
> Cheers,
> Gary B-)
>


Re: [clamav-users] clamav error

2021-06-17 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 17 Jun 2021, Jigar via clamav-users wrote:


We still have the old version of clamav - 0.99 on our mail server.


As I said to you in April, if you are using vulnerable software, patch
it.  Upgrade ClamAV immediately.  ClamAV version 0.99 is well past its
End Of Life, and aside from some well-publicized security issues, for
some months the database servers have prevented 0.99 from updating its
copies of the signature databases.  New malware signatures are being
added at an average rate of at least one hundred per day, so you may
expect that by now you are missing more than ten thousand very recent
virus signatures.


... we need to run the server without any issue.


So does everyone else.

The latest version of ClamAV is 0.103.2.  ClamAV 0.100 was released on
April 9, 2018, so you are running security software which has now been
outdated for more than three years.  You have been subscribed to this
list since at least April 2021, what have you been doing since then?

When you do not take security seriously you become part of the problem.
You have been part of the problem for at least three years and everyone
here would welcome you if you pulled up your socks.  It isn't difficult
to upgrade ClamAV, but you will need some of the supporting software to
be relatively recent.  Presumably your mail server's other software is
in need of upgrades too.  From the earlier correspondence, I guess also
your workstations:

https://marc.info/?l=clamav-users&m=161746896209362&w=2

On Thu, 17 Jun 2021, Jigar via clamav-users wrote:

On Thu, Jun 17, 2021 at 9:06 AM Gary R. Schmidt  wrote:
> On 17/06/2021 13:30, Jigar via clamav-users wrote:
> >
> > Suddenly, we are getting the following error in clamd.log file
> >
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> > Can't create new file ERROR
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> > Can't open file or directory ERROR
> >
> > We have checked up all the permission and ownership. There is no change in
> > it.
>
> Have you checked that whatever file system contains
> "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts"
> has not run out of space?

Following is disk space status. It appears no issue with disk space.

/dev/sda3        75G   50G   22G  71% /


In 2021 those numbers look small for any server but it is not clear to
me from the output of the command you have posted that the directories

/var/amavis/tmp/*

are in fact on the root partition.  You need to check that first.  But
it could be that there's some other problem.  For example there might
have been an error resulting in parts of the filesystem being remounted
read-only.  I'm just guessing here, we need a lot more information.  If
you can create (and then delete) a fairly large test file in the amavis
directory, at least that will tell you that there is free space there
and that it's writeable.  If you can do it as the user which is running
the relevant process(es) that will tell you a bit more.

What operating systems and mail server software are you using?

--

73,
Ged.
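
Added example, not part of any message in this thread: a Python probe for the checks suggested above (which file system the amavis work directory is on, whether it is mounted read-only, and whether a fairly large test file can be created and deleted there). Function names and the 64 MiB default are assumptions of this example; run it as the user that runs the scanning process.

```python
import errno
import os
import tempfile


def mount_point(path):
    """Walk upwards until the directory that is itself a mount point."""
    path = os.path.realpath(path)
    while not os.path.ismount(path):
        path = os.path.dirname(path)
    return path


def probe_work_dir(directory, test_bytes=64 * 1024 * 1024):
    """Inspect the file system holding `directory` and try a real write in it."""
    report = {"directory": directory, "mount_point": None, "read_only": None,
              "free_bytes": None, "free_inodes": None, "write_ok": False,
              "error": None}
    try:
        st = os.statvfs(directory)
        report["mount_point"] = mount_point(directory)
        report["read_only"] = bool(st.f_flag & os.ST_RDONLY)
        report["free_bytes"] = st.f_bavail * st.f_frsize  # for unprivileged users
        report["free_inodes"] = st.f_favail  # some file systems always report 0
        block = b"\0" * (1024 * 1024)
        with tempfile.NamedTemporaryFile(dir=directory, prefix="probe-") as fh:
            remaining = test_bytes
            while remaining > 0:
                remaining -= fh.write(block[:remaining])
            fh.flush()
            os.fsync(fh.fileno())  # force allocation so ENOSPC shows up now
        report["write_ok"] = True  # the file was deleted when the with-block closed it
    except OSError as exc:
        report["error"] = errno.errorcode.get(exc.errno, str(exc.errno))
    return report


def explain(report):
    """Map the probe result onto the causes suggested in the thread."""
    if report["write_ok"]:
        return "writable with free space: look elsewhere"
    hints = {
        "ENOENT": "directory does not exist",
        "EACCES": "this user may not create files here: ownership or mode",
        "EROFS": "file system is mounted read-only, possibly remounted after an error",
        "ENOSPC": "no free blocks or inodes on " + str(report["mount_point"]),
        "EDQUOT": "quota exhausted for this user",
    }
    return hints.get(report["error"], "unexpected error " + str(report["error"]))


if __name__ == "__main__":
    # /var/amavis/tmp is the directory named in the thread's log lines.
    result = probe_work_dir("/var/amavis/tmp")
    print(result)
    print(explain(result))
```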



Re: [clamav-users] clamav error

2021-06-17 Thread Michael Orlitzky via clamav-users
On 2021-06-17 09:00:09, Jigar via clamav-users wrote:
> Hello,
> 
> Suddenly, we are getting the following error in clamd.log file
> 
> Thu Jun 17 08:52:49 2021 ->
> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> Can't create new file ERROR
> Thu Jun 17 08:52:49 2021 ->
> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> Can't open file or directory ERROR
> 
> We have checked up all the permission and ownership. There is no change in it.
> 

If you are (or can be) using a local socket to communicate with clamd,
then I would suggest changing the way that amavisd invokes the virus
scanner in amavisd.conf:

  # Use clamdscan with the --fdpass option so that the "clamav" user
  # doesn't need to be able to read amavis's private working
  # directory.
  @av_scanners = (
['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}",
  [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  );

This is now the way that amavisd recommends, and assumes that your
clamd socket is writable by the amavis user.



Re: [clamav-users] clamav error

2021-06-25 Thread Tsutomu Oyamada
Hi all,

It's also talked about in this thread
CVD version 26199 causes the following error in ClamAV version 0.99.2:

Can't open file or directory ERROR

We have identified the signature of the problem in CVD version 26199.

Win.Loader.Boxter-9870959-0

If you ignore this signature, you can scan without errors.
If possible, exclude this signature or modify it.

Please help us.

Best regards
T.O

On Thu, 17 Jun 2021 09:41:38 -0400
Michael Orlitzky via clamav-users  wrote:

> On 2021-06-17 09:00:09, Jigar via clamav-users wrote:
> > Hello,
> > 
> > Suddenly, we are getting the following error in clamd.log file
> > 
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> > Can't create new file ERROR
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> > Can't open file or directory ERROR
> > 
> > We have checked up all the permission and ownership. There is no change in 
> > it.
> > 
> 
> If you are (or can be) using a local socket to communicate with clamd,
> then I would suggest changing the way that amavisd invokes the virus
> scanner in amavisd.conf:
> 
>   # Use clamdscan with the --fdpass option so that the "clamav" user
>   # doesn't need to be able to read amavis's private working
>   # directory.
>   @av_scanners = (
> ['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}",
>   [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>   );
> 
> This is now the way that amavisd recommends, and assumes that your
> clamd socket is writable by the amavis user.
> 


Re: [clamav-users] clamav error

2021-06-26 Thread G.W. Haywood via clamav-users

Hi there,

On Sat, 26 Jun 2021, Tsutomu Oyamada wrote:


> It's also talked about in this thread
> CVD version 26199 causes the following error in ClamAV version 0.99.2:
>
> Can't open file or directory ERROR
>
> We have identified the signature of the problem in CVD version 26199.
>
> Win.Loader.Boxter-9870959-0
>
> If you ignore this signature, you can scan without errors.
> If possible, exclude this signature or modify it.
>
> Please help us.
>
> Best regards
> T.O
> ...


I have been unable to find the thread to which you seem to be trying
to refer, and your message does not make it clear, at least to me,
whether you are asking a question or making a contribution to the
discussion.  Please follow recognized practices when composing your
messages to a mailing list so that they do not cause unnecessary
confusion.  A link to the referenced thread would help enormously.
There is no need to quote extensively from it in your message.

https://marc.info/?l=clamav-users&w=2&r=1&s=ClamAV+version+0.99.2&q=b
https://marc.info/?l=clamav-users&w=2&r=1&s=Win.Loader.Boxter&q=b

If you are asking for help with an old version of ClamAV, the advice
must be to upgrade to a supported version, preferably the most recent.

At the date of this message, the most recent version is 0.103.3.

At the date of this message, version 26199 of the 'daily' database is
two weeks old.

--

73,
Ged.



Re: [clamav-users] clamAV .104.0

2021-09-08 Thread Micah Snyder (micasnyd) via clamav-users
Hi Marcy,

It appears the Windows MSI installer is missing just about all of the clamav 
program files: https://github.com/Cisco-Talos/clamav/issues/285

Our automated tests use the ZIP package, so we missed the packaging issue, 
which I suspect was introduced between the release candidates while 
adding support for building macOS install packages.

Unfortunately, you'll have to use the .zip package if you wish to upgrade to 
0.104.0 until we can publish a fixed package.

I'm sorry for the confusion.



The "Result too large or too small" error is new to me.  Can I trouble you to 
create a new issue on github for us to investigate this?

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of Marcy 
Rogers via clamav-users 
Sent: Wednesday, September 8, 2021 7:48 AM
To: ClamAV users ML 
Cc: Marcy Rogers 
Subject: [clamav-users] clamAV .104.0

Good Morning.

I am working on upgrading ClamAV from .103.3  to .104.0.
I read the instructions and I am really confused.
I am guessing I need to uninstall the current ClamAV.  When I uninstall the 
current ClamAV, it takes everything out of the directory except for the 
.config file, the .log file and the Database directory.  When I install the 
.104.0, it only puts 2 folders and some .dlls in the program files/clamav 
folder.
I had to download the zip file and put the zip file in the program files\clamav 
folder.
I reconfigured my .config file.
I download the database for the .cld and then start clamd.exe (no internet 
access for freshclam).
Then I open another PowerShell console and do  .\clamdscan.exe -vl clamd.log c:
I get this error c:\program files\clamav\clamav\clamd.log: file path check 
failure: Result to large or to small.  Error.

I was not having this issue with .104.0

I hope someone can help me out.

Thank you



Re: [clamav-users] clamav DOA

2021-11-18 Thread Maarten Broekman via clamav-users
Cody, it looks like you’re running ClamAV 0.101.2. That version is too old. If 
you upgrade to 0.103.4, you should be able to start downloading the db files 
again. 

What kind of system are you on? Is ClamAV prepackaged for you or did you build 
from source?

-Maarten
Sent from a tiny keyboard

> On Nov 18, 2021, at 07:09, Cody Allen  wrote:
> 
> frustrated, have spent days with a broken clamav nothing seems to work to 
> download the db. can someone please shed some light on what is wrong and how 
> to address the problem. running on a debian jessie appliance. at this point 
> im dead in the water, without the database the service tanks and will not 
> start, freshclam will not download and have found no method to manually get 
> or update the db.
> 
> Using IPv6 aware code
> Max retries == 3
> Querying current.cvd.clamav.net
> TTL: 962
> Software version from DNS: 0.103.4
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> Retrieving http://database.clamav.net/main.cvd
> Ignoring mirror 104.16.218.84 (due to previous errors)
> Ignoring mirror 104.16.219.84 (due to previous errors)
> Ignoring mirror 104.16.218.84 (due to previous errors)
> Ignoring mirror 104.16.219.84 (due to previous errors)
> WARNING: Can't download main.cvd from database.clamav.net
> Trying again in 5 secs...


Re: [clamav-users] clamav DOA

2021-11-18 Thread Cody Allen
it's prepackaged on a mailcleaner appliance, not using any standard locations 
for the binaries or configs and no updates available from them, an out of date 
database would have been better than a totally broken AV, which is where I'm 
stuck now, it's frustrating that we're blaming network connectivity instead of 
that it's too old, meaning that it's not a recommendation to upgrade but a 
requirement



> On Nov 18, 2021, at 7:21 AM, Maarten Broekman via clamav-users 
>  wrote:
> 
> 
> 
> Cody, it looks like you’re running ClamAV 0.101.2. That version is too old. 
> If you upgrade to 0.103.4, you should be able to start downloading the db 
> files again. 
> 
> What kind of system are you on? Is ClamAV prepackaged for you or did you 
> build from source?
> 
> -Maarten
> Sent from a tiny keyboard
> 
>> On Nov 18, 2021, at 07:09, Cody Allen  wrote:
>> 
>> frustrated, have spent days with a broken clamav nothing seems to work to 
>> download the db. can someone please shed some light on what is wrong and how 
>> to address the problem. running on a debian jessie appliance. at this point 
>> im dead in the water, without the databse the service tanks and will not 
>> start, freshclam will not download and have found no method to manually get 
>> or update the db.
>> 
>> Using IPv6 aware code
>> Max retries == 3
>> Querying current.cvd.clamav.net 
>> TTL: 962
>> Software version from DNS: 0.103.4
>> WARNING: Your ClamAV installation is OUTDATED!
>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav 
>> 
>> Retrieving http://database.clamav.net/main.cvd 
>> 
>> Ignoring mirror 104.16.218.84 (due to previous errors)
>> Ignoring mirror 104.16.219.84 (due to previous errors)
>> Ignoring mirror 104.16.218.84 (due to previous errors)
>> Ignoring mirror 104.16.219.84 (due to previous errors)
>> WARNING: Can't download main.cvd from database.clamav.net 
>> 
>> Trying again in 5 secs...


Re: [clamav-users] clamav DOA

2021-11-18 Thread Joel Esler (jesler) via clamav-users
101 should be fine.  Try deleting your mirrors.dat file and see what happens?

— 
Sent from my  iPad

> On Nov 18, 2021, at 07:32, Cody Allen  wrote:
> 
>  its prepackaged on a mailcleaner appliance, not using any standard 
> locations for the binaries or configs and no updates available from them, an 
> out of date database would have been better than a totally broken AV, which 
> is where im stuck now, its frustrating that we're blaming network 
> connectivity instead of that its too old, meaning that its not a 
> recommendtation to upgrade but a requirement
> 
> 
> 
>>> On Nov 18, 2021, at 7:21 AM, Maarten Broekman via clamav-users 
>>>  wrote:
>>> 
>>> 
>>> 
>>> Cody, it looks like you’re running ClamAV 0.101.2. That version is too old. 
>>> If you upgrade to 0.103.4, you should be able to start downloading the db 
>>> files again. 
>>> 
>>> What kind of system are you on? Is ClamAV prepackaged for you or did you 
>>> build from source?
>>> 
>>> -Maarten
>>> Sent from a tiny keyboard
>>> 
>>>> On Nov 18, 2021, at 07:09, Cody Allen wrote:
>>>>
>>> frustrated, have spent days with a broken clamav nothing seems to work to 
>>> download the db. can someone please shed some light on what is wrong and 
>>> how to address the problem. running on a debian jessie appliance. at this 
>>> point im dead in the water, without the databse the service tanks and will 
>>> not start, freshclam will not download and have found no method to manually 
>>> get or update the db.
>>> 
>>> Using IPv6 aware code
>>> Max retries == 3
>>> Querying current.cvd.clamav.net
>>> TTL: 962
>>> Software version from DNS: 0.103.4
>>> WARNING: Your ClamAV installation is OUTDATED!
>>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>> Retrieving http://database.clamav.net/main.cvd
>>> Ignoring mirror 104.16.218.84 (due to previous errors)
>>> Ignoring mirror 104.16.219.84 (due to previous errors)
>>> Ignoring mirror 104.16.218.84 (due to previous errors)
>>> Ignoring mirror 104.16.219.84 (due to previous errors)
>>> WARNING: Can't download main.cvd from database.clamav.net
>>> Trying again in 5 secs...


Re: [clamav-users] clamav DOA

2021-11-18 Thread Cody Allen
joel, i have tried that a number of times over the last couple of days still 
the same results

Cody Allen, Vice President of IT
Infuserve America, Inc / Pharmetric Laboratory, LLC
11880 28th St. N. Ste. 200 
Saint Petersburg, FL 33716
P: 727-573-7847 
F: 727-573-0535
c...@infuserveamerica.com 
We're on the Web:  www.Infuserveamerica.com 

> On Nov 18, 2021, at 8:10 AM, Joel Esler (jesler) via clamav-users 
>  wrote:
> 
> 101 should be fine.  Try deleting your mirrors.dat file and see what happens?
> 
> — 
> Sent from my  iPad
> 
>> On Nov 18, 2021, at 07:32, Cody Allen  wrote:
>> 
>>  its prepackaged on a mailcleaner appliance, not using any standard 
>> locations for the binaries or configs and no updates available from them, an 
>> out of date database would have been better than a totally broken AV, which 
>> is where im stuck now, its frustrating that we're blaming network 
>> connectivity instead of that its too old, meaning that its not a 
>> recommendtation to upgrade but a requirement
>> 
>> 
>> 
>>> On Nov 18, 2021, at 7:21 AM, Maarten Broekman via clamav-users
>>> <clamav-users@lists.clamav.net> wrote:
>>> 
>>> 
>>> 
>>> Cody, it looks like you’re running ClamAV 0.101.2. That version is too old. 
>>> If you upgrade to 0.103.4, you should be able to start downloading the db 
>>> files again. 
>>> 
>>> What kind of system are you on? Is ClamAV prepackaged for you or did you 
>>> build from source?
>>> 
>>> -Maarten
>>> Sent from a tiny keyboard
>>> 
>>>> On Nov 18, 2021, at 07:09, Cody Allen wrote:
>>>>
>>>> frustrated, have spent days with a broken clamav nothing seems to work to
>>>> download the db. can someone please shed some light on what is wrong and
>>>> how to address the problem. running on a debian jessie appliance. at this
>>>> point im dead in the water, without the database the service tanks and will
>>>> not start, freshclam will not download and have found no method to
>>>> manually get or update the db.
>>>>
>>>> Using IPv6 aware code
>>>> Max retries == 3
>>>> Querying current.cvd.clamav.net
>>>> TTL: 962
>>>> Software version from DNS: 0.103.4
>>>> WARNING: Your ClamAV installation is OUTDATED!
>>>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>>> Retrieving http://database.clamav.net/main.cvd
>>>> Ignoring mirror 104.16.218.84 (due to previous errors)
>>>> Ignoring mirror 104.16.219.84 (due to previous errors)
>>>> Ignoring mirror 104.16.218.84 (due to previous errors)
>>>> Ignoring mirror 104.16.219.84 (due to previous errors)
>>>> WARNING: Can't download main.cvd from database.clamav.net
>>>> Trying again in 5 secs...


Re: [clamav-users] clamav DOA

2021-11-18 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 18 Nov 2021, Cody Allen wrote:


>>> ... frustrated, have spent days with a broken clamav nothing seems
>>> to work to download the db. ...


You could at least have subscribed to the announcements list.  This is
from two months ago and is especially relevant to you:

https://blog.clamav.net/2021/09/changes-to-clamav-end-of-life-policy.html

See also

https://blog.clamav.net/2020/07/freshclam-cdiffs-effect-on-bandwidth.html
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html

If you'd read these you'd have been warned well in advance and there'd
have been no need to grumble on this list that something which you get
for free (and which is apparently rather important to you) has stopped
working because you didn't bother to maintain it properly.


> its frustrating that we're blaming network connectivity instead of
> that its too old ...


Your interpretation of


>>> WARNING: Your ClamAV installation is OUTDATED!
>>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav


differs from mine.

Please also look at

https://www.debian.org/News/2020/20200709

which tells you that long-term support for Debian 8 (Jessie) ended
more than a year ago.  There is little excuse for running Debian 8
sixteen months after its end of life.  If you absolutely must run it,
then at least have the good grace to understand the implications and
for heaven's sake take this stuff seriously.  If you don't, you're a
problem for the rest of us just waiting to happen.

--

73,
Ged.



Re: [clamav-users] clamav DOA

2021-11-18 Thread Cody Allen
fair enough, i really don't need the lecture, i happen to manage more than just 
1 application. yes i may sound like I'm grumbling. these kinds of responses are 
exactly why i don't post questions. as far as your opinion keep it to yourself, 
it's unproductive and benefits nothing.


> On Nov 18, 2021, at 8:26 AM, G.W. Haywood via clamav-users 
>  wrote:
> 
> 
> 
> Hi there,
> 
> On Thu, 18 Nov 2021, Cody Allen wrote:
> 
>>>> ... frustrated, have spent days with a broken clamav nothing seems
>>>> to work to download the db. ...
> 
> You could at least have subscribed to the announcements list.  This is
> from two months ago and is especially relevant to you:
> 
> https://blog.clamav.net/2021/09/changes-to-clamav-end-of-life-policy.html
> 
> See also
> 
> https://blog.clamav.net/2020/07/freshclam-cdiffs-effect-on-bandwidth.html
> https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
> https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html
> 
> If you'd read these you'd have been warned well in advance and there'd
> have been no need to grumble on this list that something which you get
> for free (and which is apparently rather important to you) has stopped
> working because you didn't bother to maintain it properly.
> 
>> its frustrating that we're blaming network connectivity instead of
>> that its too old ...
> 
> Your interpretation of
> 
>>>> WARNING: Your ClamAV installation is OUTDATED!
>>>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> 
> differs from mine.
> 
> Please also look at
> 
> https://www.debian.org/News/2020/20200709
> 
> which tells you that long-term support for Debian 8 (Jessie) ended
> more than a year ago.  There is little excuse for running Debian 8
> sixteen months after its end of life.  If you absolutely must run it,
> then at least have the good grace to understand the implications and
> for heaven's sake take this stuff seriously.  If you don't, you're a
> problem for the rest of us just waiting to happen.
> 
> -- 
> 
> 73,
> Ged.
> 


Re: [clamav-users] clamav DOA

2021-11-18 Thread fxkl47BF--- via clamav-users
On Thu, 18 Nov 2021, Cody Allen wrote:

> fair enough, i really don't need the lecture, i happen to manage more than 
> just 1 application. yes i may sound like I'm grumbling. these kinds of 
> responses are exactly why i don't post questions. as far as your opinion keep 
> it to yourself, it's unproductive and benefits nothing.

thanks cody
it benefits those of us who read these messages to learn

>
>
>> On Nov 18, 2021, at 8:26 AM, G.W. Haywood via clamav-users 
>>  wrote:
>>
>>
>>
>> Hi there,
>>
>> On Thu, 18 Nov 2021, Cody Allen wrote:
>>
>>>>> ... frustrated, have spent days with a broken clamav nothing seems
>>>>> to work to download the db. ...
>>
>> You could at least have subscribed to the announcements list.  This is
>> from two months ago and is especially relevant to you:
>>
>> https://blog.clamav.net/2021/09/changes-to-clamav-end-of-life-policy.html
>>
>> See also
>>
>> https://blog.clamav.net/2020/07/freshclam-cdiffs-effect-on-bandwidth.html
>> https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
>> https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html
>>
>> If you'd read these you'd have been warned well in advance and there'd
>> have been no need to grumble on this list that something which you get
>> for free (and which is apparently rather important to you) has stopped
>> working because you didn't bother to maintain it properly.
>>
>>> its frustrating that we're blaming network connectivity instead of
>>> that its too old ...
>>
>> Your interpretation of
>>
>>>>> WARNING: Your ClamAV installation is OUTDATED!
>>>>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>>>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>
>> differs from mine.
>>
>> Please also look at
>>
>> https://www.debian.org/News/2020/20200709
>>
>> which tells you that long-term support for Debian 8 (Jessie) ended
>> more than a year ago.  There is little excuse for running Debian 8
>> sixteen months after its end of life.  If you absolutely must run it,
>> then at least have the good grace to understand the implications and
>> for heaven's sake take this stuff seriously.  If you don't, you're a
>> problem for the rest of us just waiting to happen.
>>
>> --
>>
>> 73,
>> Ged.
>>


Re: [clamav-users] clamav DOA

2021-11-18 Thread Cody Allen
that's why i came here, i was out of ideas, but these kinds of responses don't 
benefit anybody, yes the links are appreciated but not the responses.


> On Nov 18, 2021, at 8:56 AM, fxkl47BF--- via clamav-users 
>  wrote:
> 
> 
> 
> On Thu, 18 Nov 2021, Cody Allen wrote:
> 
>> fair enough, i really dont need the lecture, i happen to manage more than 
>> just 1 application. yes i may sound like im grumbling. these kind of 
>> responses are exactly why i dont post questions. as far as your opinion keep 
>> it to yourself, its unproductive and benfits nothing.
> 
> thanks cody
> it benefits those of us who read these messages to learn
> 
>> 
>> 
>>> On Nov 18, 2021, at 8:26 AM, G.W. Haywood via clamav-users 
>>>  wrote:
>>> 
>>> 
>>> 
>>> Hi there,
>>> 
>>> On Thu, 18 Nov 2021, Cody Allen wrote:
>>> 
>>>>>> ... frustrated, have spent days with a broken clamav nothing seems
>>>>>> to work to download the db. ...
>>> 
>>> You could at least have subscribed to the announcements list.  This is
>>> from two months ago and is especially relevant to you:
>>> 
>>> https://blog.clamav.net/2021/09/changes-to-clamav-end-of-life-policy.html
>>> 
>>> See also
>>> 
>>> https://blog.clamav.net/2020/07/freshclam-cdiffs-effect-on-bandwidth.html
>>> https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
>>> https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html
>>> 
>>> If you'd read these you'd have been warned well in advance and there'd
>>> have been no need to grumble on this list that something which you get
>>> for free (and which is apparently rather important to you) has stopped
>>> working because you didn't bother to maintain it properly.
>>> 
>>>> its frustrating that we're blaming network connectivity instead of
>>>> that its too old ...
>>> 
>>> Your interpretation of
>>> 
>>>>>> WARNING: Your ClamAV installation is OUTDATED!
>>>>>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>>>>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>> 
>>> differs from mine.
>>> 
>>> Please also look at
>>> 
>>> https://www.debian.org/News/2020/20200709
>>> 
>>> which tells you that long-term support for Debian 8 (Jessie) ended
>>> more than a year ago.  There is little excuse for running Debian 8
>>> sixteen months after its end of life.  If you absolutely must run it,
>>> then at least have the good grace to understand the implications and
>>> for heaven's sake take this stuff seriously.  If you don't, you're a
>>> problem for the rest of us just waiting to happen.
>>> 
>>> --
>>> 
>>> 73,
>>> Ged.
>>> 


Re: [clamav-users] clamav DOA

2021-11-18 Thread Vladislav Kurz via clamav-users

On 18. 11. 21 at 13:09 Cody Allen wrote:
> frustrated, have spent days with a broken clamav nothing seems to work
> to download the db. can someone please shed some light on what is wrong
> and how to address the problem. running on a debian jessie appliance. at
> this point im dead in the water, without the database the service tanks
> and will not start, freshclam will not download and have found no method
> to manually get or update the db.
>
> Using IPv6 aware code
> Max retries == 3
> Querying current.cvd.clamav.net
> TTL: 962
> Software version from DNS: 0.103.4
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> Retrieving http://database.clamav.net/main.cvd
> Ignoring mirror 104.16.218.84 (due to previous errors)
> Ignoring mirror 104.16.219.84 (due to previous errors)
> Ignoring mirror 104.16.218.84 (due to previous errors)
> Ignoring mirror 104.16.219.84 (due to previous errors)
> WARNING: Can't download main.cvd from database.clamav.net
> Trying again in 5 secs...

I have seen something similar on an older instance of clamav, where the 
database was seriously out of date. The problem was that the download of 
new databases took too long. It worked, but was slow, and freshclam 
timed out before finishing the download and started over again. I think 
I had to increase "ReceiveTimeout 30" in freshclam.conf.


--
Best Regards
Vladislav Kurz
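
The replies in this thread read the same freshclam output three different ways (version too old, stale mirror state, download timeout). The parser below is an added example, not part of the thread or of ClamAV; it extracts the facts that output actually records so they can be compared side by side. The function names and the report layout are assumptions, and the sample is the output posted in the thread.

```python
import re
from collections import Counter

# freshclam output as posted in the thread (quote markers removed).
SAMPLE_LOG = """\
Using IPv6 aware code
Max retries == 3
Querying current.cvd.clamav.net
TTL: 962
Software version from DNS: 0.103.4
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.2 Recommended version: 0.103.4
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Retrieving http://database.clamav.net/main.cvd
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
WARNING: Can't download main.cvd from database.clamav.net
Trying again in 5 secs...
"""

VERSIONS = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
IGNORED = re.compile(r"^Ignoring mirror (\S+) \(due to previous errors\)")
RETRIEVING = re.compile(r"^Retrieving (\S+)")
FAILED = re.compile(r"^WARNING: Can't download (\S+) from (\S+)")


def version_tuple(text):
    """'0.101.2' -> (0, 101, 2); anything after the dotted digits is ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text)
    if match is None:
        raise ValueError("not a version string: %r" % text)
    return tuple(int(part) for part in match.group().split("."))


def triage(log):
    """Summarise one freshclam run; e-mail quote markers ('> ') are tolerated."""
    local = recommended = None
    ignored = Counter()
    failed, skipped_only = [], []
    pending = None  # lines seen since the last "Retrieving", or None
    for raw in log.splitlines():
        line = raw.lstrip("> \t").rstrip()
        if not line:
            continue
        if RETRIEVING.match(line):
            pending = []
            continue
        failure = FAILED.match(line)
        if failure:
            name = failure.group(1)
            failed.append(name)
            # True when nothing but skipped mirrors sits between the
            # "Retrieving" line and this failure.
            if pending and all(IGNORED.match(p) for p in pending):
                skipped_only.append(name)
            pending = None
            continue
        if pending is not None:
            pending.append(line)
        mirror = IGNORED.match(line)
        if mirror:
            ignored[mirror.group(1)] += 1
        versions = VERSIONS.search(line)
        if versions:
            local, recommended = (version_tuple(v) for v in versions.groups())
    return {
        "local": local,
        "recommended": recommended,
        "outdated": local is not None and local < recommended,
        "ignored_mirrors": dict(ignored),
        "failed": failed,
        "skipped_only": skipped_only,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

On the posted output it reports the version gap and shows that the only lines between `Retrieving` and the failure are skipped mirrors; it records what the log says and does not decide which of the suggested fixes applies.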



Re: [clamav-users] clamav DOA

2021-11-18 Thread Cody Allen
thanks, i will give that a run and see how she does

> 
> On Nov 18, 2021, at 10:51 AM, Vladislav Kurz via clamav-users 
>  wrote:
> 
> 
> 
> On 18. 11. 21 at 13:09 Cody Allen wrote:
>> frustrated, have spent days with a broken clamav nothing seems to work to 
>> download the db. can someone please shed some light on what is wrong and how 
>> to address the problem. running on a debian jessie appliance. at this point 
>> im dead in the water, without the database the service tanks and will not 
>> start, freshclam will not download and have found no method to manually get 
>> or update the db.
>> Using IPv6 aware code
>> Max retries == 3
>> Querying current.cvd.clamav.net 
>> TTL: 962
>> Software version from DNS: 0.103.4
>> WARNING: Your ClamAV installation is OUTDATED!
>> WARNING: Local version: 0.101.2 Recommended version: 0.103.4
>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav 
>> 
>> Retrieving http://database.clamav.net/main.cvd 
>> 
>> Ignoring mirror 104.16.218.84 (due to previous errors)
>> Ignoring mirror 104.16.219.84 (due to previous errors)
>> Ignoring mirror 104.16.218.84 (due to previous errors)
>> Ignoring mirror 104.16.219.84 (due to previous errors)
>> WARNING: Can't download main.cvd from database.clamav.net 
>> 
>> Trying again in 5 secs...
> 
> I have seen something similar on an older instance of clamav, where the 
> database was seriously out of date. The problem was that the download of new 
> databases took too long. It worked, but was slow, and freshclam timed out 
> before finishing the download and started over again. I think I had to 
> increase "ReceiveTimeout 30" in freshclam.conf.
> 
> -- 
> Best Regards
>Vladislav Kurz
> 


Re: [clamav-users] clamav-users

2022-09-10 Thread Γιώργος Κωστόπουλος via clamav-users
>
> unfortunately, subscribing is often easier than unsubscribing which is not
> good.
>
> --

At the bottom of the mail, there's the related link:

> https://lists.clamav.net/mailman/listinfo/clamav-users
>

Open it, and (again) at the very bottom of the page, there's the
"Unsubscribe or edit options" button.

I suppose, Mailman is somewhat obscure when dealing with it, for the 1st time.
Bye!!!
G.
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] clamav-users

2022-09-10 Thread Matus UHLAR - fantomas

unfortunately, subscribing is often easier than unsubscribing which is not
good.


On 10.09.22 15:35, Γιώργος Κωστόπουλος via clamav-users wrote:

At the bottom of the mail, there's the related link:


have you even read my email?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.


Re: [clamav-users] clamav-users

2022-09-12 Thread Micah Snyder (micasnyd) via clamav-users
Mailman is indeed obscure about these things, and even more obscure in the 
admin web interface.

Speaking of which, I just updated the email footer settings to specifically 
mention "unsubscribe". Hopefully that helps.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users on behalf of Γιώργος Κωστόπουλος via clamav-users
Sent: Saturday, September 10, 2022 5:35 AM
To: ClamAV users ML 
Cc: Γιώργος Κωστόπουλος 
Subject: Re: [clamav-users] clamav-users

>
> unfortunately, subscribing is often easier than unsubscribing which is not
> good.
>
> --

At the bottom of the mail, there's the related link:

> https://lists.clamav.net/mailman/listinfo/clamav-users
>

Open it, and (again) at the very bottom of the page, there's the
"Unsubscribe or edit options" button.

I suppose, Mailman is somewhat obscure when dealing with it, for the 1st time.
Bye!!!
G.
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [Clamav-users] clamav-milter

2010-06-18 Thread Török Edwin
On 2010-06-18 14:50, Marie-Goretti Dejean wrote:
> 
> Hi,
> 
> I upgrade ClamAV to 96.1 on my mail server (Solaris 10 sparc)
> I have 3 process running :
> clamd
> freshclam
> clamav-milter

Are you upgrading from a version prior to 0.95?
If so read the instructions here, the milter was completely rewritten:
https://wiki.clamav.net/bin/view/Main/UpgradeNotes095#Using_the_new_clamav_milter

Also read etc/clamav-milter.conf

> 
> I use sendmail.
> I didn't have problems upgrading ClamAv but in this case, ClamAv doesn't
> appear in the header the messages like : X-Virus-Scanned:
> I guess that the messages received by my server are not scanned by ClamAv.
> 

Try 'AddHeader Yes' in clamav-milter.conf

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] clamav-milter

2010-06-18 Thread Marie-Goretti Dejean
Hi,

Thanks Edwin !
It runs now !
:)

(Sorry for my english)

Marie


> On 2010-06-18 14:50, Marie-Goretti Dejean wrote:
>>
>> Hi,
>>
>> I upgrade ClamAV to 96.1 on my mail server (Solaris 10 sparc)
>> I have 3 process running :
>> clamd
>> freshclam
>> clamav-milter
>
> Are you upgrading from a version prior to 0.95?
> If so read the instructions here, the milter was completely rewritten:
> https://wiki.clamav.net/bin/view/Main/UpgradeNotes095#Using_the_new_clamav_milter
>
> Also read etc/clamav-milter.conf
>
>>
>> I use sendmail.
>> I didn't have problems upgrading ClamAv but in this case, ClamAv doesn't
>> appear in the header the messages like : X-Virus-Scanned:
>> I guess that the messages received by my server are not scanned by
>> ClamAv.
>>
>
> Try 'AddHeader Yes' in clamav-milter.conf
>
> Best regards,
> --Edwin
>
>


Marie-Goretti DEJEAN
CIRM Marseille-Luminy
http://www.cirm.univ-mrs.fr
tel : 04.91.83.30.15 - fax : 04.91.83.30.17

Think of the environment!
Print this e-mail only if it is really necessary


Re: [Clamav-users] clamav-milter.sock

2010-07-15 Thread Shawn Bakhtiar


Looks like a permissions issue??:

Here is the perms on /var/run/clamd which is where my pid files et al are put

-rw-rw-r-- 1 clamav clamav 4 2010-07-10 16:10 clamav-milter.pid
srw-r--r-- 1 clamav clamav 0 2010-07-10 16:10 clamav-milter.socket
-rw-rw-r-- 1 clamav clamav 4 2010-07-10 16:10 clamd.pid
srw-rw-rw- 1 clamav clamav 0 2010-07-10 16:10 clamd.socket


But more importantly who is the clamd and clam-milt running as?



> Date: Thu, 15 Jul 2010 17:47:27 +0200

> From: m...@cirm.univ-mrs.fr
> To: clamav-users@lists.clamav.net
> Subject: [Clamav-users] clamav-milter.sock
> 
> Hello,
> 
> I ran successfully clamav-milter under solaris 10.
> My sendmail claims in its log file :
> WARNING: Xclamav-milter: local socket name /var/clamav/clamav-milter.sock
> missing
> 
> The process is running and the socket is listing in /var/clamav :
> srw-r--r--   1 root root   0 juil. 15 07:49
> /var/clamav/clamav-milter.sock
> 
> sendmail is running without problems.
> 
> Can someone have an idea ?
> Thanks a lot !
> 
> Marie
> 
> Think of the environment!
> Print this e-mail only if it is really necessary


Re: [Clamav-users] clamav-milter.sock

2010-07-16 Thread Marie-Goretti DEJEAN
Hello,

Sorry, it was my fault :
I put clamav-milter.socket in my clamav-milter.conf

and clamav-milter.sock in my sendmail.cf !!
now it is running :)

However, I changed to User clamav
thanks

Marie

>
>
> Looks like a permissions issue??:
>
> Here is the perms on /var/run/clamd which is where my pid files et al are
> put
>
> -rw-rw-r-- 1 clamav clamav 4 2010-07-10 16:10 clamav-milter.pid
> srw-r--r-- 1 clamav clamav 0 2010-07-10 16:10 clamav-milter.socket
> -rw-rw-r-- 1 clamav clamav 4 2010-07-10 16:10 clamd.pid
> srw-rw-rw- 1 clamav clamav 0 2010-07-10 16:10 clamd.socket
>
>
> But more importantly who is the clamd and clam-milt running as?
>
>
>
>> Date: Thu, 15 Jul 2010 17:47:27 +0200
>
>> From: m...@cirm.univ-mrs.fr
>> To: clamav-users@lists.clamav.net
>> Subject: [Clamav-users] clamav-milter.sock
>>
>> Hello,
>>
>> I ran successfully clamav-milter under solaris 10.
>> My sendmail claims in its log file :
>> WARNING: Xclamav-milter: local socket name
>> /var/clamav/clamav-milter.sock
>> missing
>>
>> The process is running and the socket is listing in /var/clamav :
>> srw-r--r--   1 root root   0 juil. 15 07:49
>> /var/clamav/clamav-milter.sock
>>
>> sendmail is running without problems.
>>
>> Can someone have an idea ?
>> Thanks a lot !
>>
>> Marie
>> 
>> Think of the environment!
>> Print this e-mail only if it is really necessary


-- 
Marie-Goretti DEJEAN
CIRM Marseille-Luminy
http://www.cirm.univ-mrs.fr
tel : 04.91.83.30.15 - fax : 04.91.83.30.17

Think of the environment!
Print this e-mail only if it is really necessary
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
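
A check for the mismatch behind the "local socket name ... missing" warning in this thread, as an added example (not code from any poster or from the ClamAV project): it compares the socket clamav-milter is configured to create with the one sendmail is told to open, and notes when no unprivileged User is set. The sample configs are constructed, and the sendmail X line is assumed to use the usual `Xname, S=..., F=, T=...` layout.

```python
import re

# Constructed samples reproducing the mismatch reported in the thread:
# the milter creates ".socket" while sendmail is told to open ".sock".
MILTER_CONF = """\
MilterSocket /var/clamav/clamav-milter.socket
AddHeader Yes
"""
SENDMAIL_CF = """\
O InputMailFilters=clamav-milter
Xclamav-milter, S=local:/var/clamav/clamav-milter.sock, F=, T=S:4m;R:4m
"""


def directive(conf_text, name):
    """Return the first value of a 'Name value' directive, ignoring comments."""
    m = re.search(rf"^[ \t]*{re.escape(name)}[ \t]+([^#\n]+)", conf_text, re.M)
    return m.group(1).strip() if m else None


def sendmail_filter_sockets(cf_text):
    """Map each milter defined by an X line in sendmail.cf to its S= value."""
    sockets = {}
    for line in cf_text.splitlines():
        m = re.match(r"X([^,\s]+)\s*,\s*(.*)", line)
        if not m:
            continue
        for field in m.group(2).split(","):
            key, _, value = field.strip().partition("=")
            if key == "S":
                sockets[m.group(1)] = value.strip()
    return sockets


def normalize(spec):
    """Reduce either daemon's socket syntax to a (family, address) pair."""
    if spec.startswith("/") or ":" not in spec:
        return ("unix", spec)
    family, addr = spec.split(":", 1)
    family = family.lower()
    return ("unix" if family in ("unix", "local") else family, addr)


def check(milter_conf, sendmail_cf, name="clamav-milter"):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    listen = directive(milter_conf, "MilterSocket")
    connect = sendmail_filter_sockets(sendmail_cf).get(name)
    if listen is None:
        findings.append("clamav-milter.conf has no MilterSocket")
    if connect is None:
        findings.append(f"sendmail.cf has no X{name} line with S=")
    if listen and connect and normalize(listen) != normalize(connect):
        findings.append(f"socket mismatch: milter listens on {listen}, "
                        f"sendmail connects to {connect}")
    if directive(milter_conf, "User") in (None, "root"):
        findings.append("no unprivileged User set; the milter and its socket "
                        "keep the identity of whoever started the daemon")
    return findings


if __name__ == "__main__":
    for finding in check(MILTER_CONF, SENDMAIL_CF):
        print("FINDING:", finding)
```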


Re: [Clamav-users] ClamAV Releases

2010-08-18 Thread Dennis Peterson

On 8/16/10 11:38 AM, Tomasz Kojm wrote:

Dear users,

ClamAV 0.96.2 was released on August 12, 2010.  If you missed it check
it out here: http://www.clamav.net/download/sources.  Highlights include:


It's compiled and runs fine in Solaris 9 and 10, and RHEL 5.4, here.

9.6.1 did not put a notice in the log that there was a newer version, so I 
probably missed that notification policy change, so thanks for the post!


dp


Re: [clamav-users] clamav-mirror.sonic.net

2012-10-12 Thread Joel Esler
On Oct 11, 2012, at 3:45 AM, Al Varnell  wrote:

> I think it may be time to decommission this US Mirror, which is located only
> a few miles away from my location and has been a problem for years.  It
> doesn't seem to be listed any more on the status page
> , but it is listed on
> db.us.big.clamav.net and still comes up every few days.
> 
> Mirror #5
> IP: 69.12.162.28
> Successes: 0
> Failures: 21
> Last access: Mon Apr  2 07:45:04 2012
> Ignore: No


We actually don't have this IP in the rotation at all.  

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire


Re: [clamav-users] clamav-mirror.sonic.net

2012-10-12 Thread Al Varnell
On 10/12/12 7:49 AM, "Joel Esler"  wrote:

> On Oct 11, 2012, at 3:45 AM, Al Varnell  wrote:
> 
>> I think it may be time to decommission this US Mirror, which is located only
>> a few miles away from my location and has been a problem for years.  It
>> doesn't seem to be listed any more on the status page
>> , but it is listed on
>> db.us.big.clamav.net and still comes up every few days.
>> 
>> Mirror #5
>> IP: 69.12.162.28
>> Successes: 0
>> Failures: 21
>> Last access: Mon Apr  2 07:45:04 2012
>> Ignore: No
> 
> 
> We actually don't have this IP in the rotation at all.
> 
Thank you Joel and I'm sorry, you are correct, I grabbed the wrong one.

This is the one that failed on me again yesterday...

> Can't connect to port 80 of host db.US.clamav.net (IP: 69.12.16.28)

But it's not in my .dat file at all and although it was in
db.us.big.clamav.net yesterday, it's no longer there, so whatever the
problem was is gone now.


-Al-
 
-- 
Al Varnell
Mountain View, CA





Re: [clamav-users] ClamAV - OpenNMS

2013-02-07 Thread Pierre Dehaen
Hello Marcel,

> does ClamAV provide SNMP support? My idea is that ClamAV sends snmp
> traps with all information (like the results at the prompt) to a snmp
> server like OpenNMS, when a virus was found. OpenNMS is a network
> management system. Primary it monitors network infrastructures. But
> you can also handle snmp traps from printers, servers, programs and
> and and... 
> So why not from ClamAV?

You're talking about the command line (prompt) so I guess you are not
scanning emails but rather directories... but, who knows, this might give
you ideas.

I use ClamAV for mail scanning and I don't send traps on mail viruses and
spams as there are too many of them, but I let my management system query
the mail relay via SNMP every 5 minutes.

I added this to my snmpd.conf:
exec 1.3.6.1.4.1.2021.8.990 mailstat.pl /usr/sbin/mailstat.pl -t
exec 1.3.6.1.4.1.2021.8.991 mailstat.pl /usr/sbin/mailstat.pl -v

And I created the mailstat.pl as follows. Of course, depending on your needs
and on the tools you use, you might have to tune this... It computes
statistics out of /var/log/syslog and out of the output of
/usr/bin/mailstats (that you might need to initialize first, and reset at
midnight for instance). Persistent counters are saved in /var/log/mailstats.

--mailstat.pl---
#!/usr/bin/perl
# Dhn, 2008/06/30
# Script used by snmpd to collect and return mail statistics but
#   it can run from the CLI too.
# Usage: mailstat.pl [-t] [-v]
#   Returns the "title:value" statistics by default, or only the titles (-t)
#   or only the values (-v). The statistics are always displayed in the
#   same order (see @keys array).
#use strict;
use Fcntl qw(SEEK_SET);         # constant used by seek() in computestats

# Defaults
my $in="/var/log/syslog";       # log pipe
my $stats="/var/log/mailstats"; # persistent counters
my $fl = "";                    # flags for output (''|t|v)
my %ctr = ();                   # current counters
my $w = 0;                      # write flag
my @ln = ();                    # split line
my @arr = ();                   # split word
my @stat = ();                  # file stats
my $key = "";                   # one hash key
my $out = "";                   # buffer for output
#my $pos = 0;                   # current position
my @keys = qw/accepted blacklisted discard greeting ham mail pca seen spam unknown
              virus bytesfr bytesto msgsfr msgsto connfr connto mailq inode position zlast/;


# Functions / handlers

# Recompute the derived counters and write all counters to $stats.
sub writestats {
  $ctr{"seen"} = $ctr{"greeting"} + $ctr{"blacklisted"} + $ctr{"unknown"} + $ctr{"spam"}
               + $ctr{"virus"} + $ctr{"ham"};
  $ctr{"accepted"} = $ctr{"spam"} - $ctr{"discard"} + $ctr{"ham"};
  $ctr{"pca"} = int(($ctr{"seen"} != 0) ? (1 * $ctr{"accepted"} / $ctr{"seen"}) : 0)/100;
  #$ctr{"position"} = $pos;
  open OUT, ">", $stats or die "Cannot open $stats for writing: $!\n";
  $out = "";
  #foreach $key (sort keys %ctr) {
  foreach $key (@keys) {
    if ($key eq "zlast") {
      printf OUT "%12s: %-60s\n", $key, $ctr{$key};
    } else {
      printf OUT "%12s: %12d\n", $key, $ctr{$key};
    }
    &saveout($key);
  }
  close OUT;
  $w = 0;
}

# Append one counter to the output buffer in the format selected by $fl.
sub saveout {
  my $key = $_[0];
  return if ($key eq "inode" || $key eq "position" || $key eq "zlast");
  if ($fl eq "t") {
    $out .= "$key\n";
  } elsif ($fl eq "v") {
    $out .= "$ctr{$key}\n";
  } else {
    $out .= sprintf("%12s: %12d\n", $key, $ctr{$key});
  }
}

# Read new syslog lines from the saved position and update the counters.
sub computestats {
  seek IN, $ctr{"position"}, SEEK_SET;
  #$pos = $ctr{"position"};
  while (<IN>) {
    #$pos += length($_);
    $ctr{"position"} += length($_);
    $ctr{"zlast"} = substr($_, 0, 60);
    @ln = split;
    if (/ sendmail.* reject=550 5.7.1 Spam blocked /) {
      $ctr{"blacklisted"}++; $w++;
    } elsif (/ sendmail.* reject=550 5.1.1 .* User unknown/) {
      $ctr{"unknown"}++; $w++;
    } elsif (/ sendmail.* due to pre-greeting traffic/) {
      $ctr{"greeting"}++; $w++;
    } elsif ($ln[4] =~ /^mimedefang.pl/ && $ln[8] =~ /^MDLOG,/) {
      @arr = split /,/, $ln[8];
      #if ($arr[2] eq "spam" && $arr[3] > 9) {
      #  $ctr{"spam"}++; $ctr{"discard"}++; $w++;
      if ($arr[2] eq "spamd") {
        $ctr{"spam"}++; $ctr{"discard"}++; $w++;
      } elsif ($arr[2] eq "spam") {
        $ctr{"spam"}++; $w++;
      } elsif ($arr[2] eq "virus") {
        if ($arr[3] =~ /^Sanesecurity/) {
          $ctr{"spam"}++; $ctr{"discard"}++; $w++;
        } else {
          $ctr{"virus"}++; $w++;
        }
      } elsif ($arr[2] eq "ham") {
        $ctr{"ham"}++; $w++;
      } elsif ($arr[2] eq "mail_in") {
        $ctr{"mail"}++; $w++;
      }
    }
    &writestats if ($w >= 100);
  }
}

# Collect the totals line from the output of /usr/bin/mailstats.
sub sendmailstats {
  open STATS, "/usr/bin/mailstats|" or die "$0: mailstats error /usr/bin/mailstats: $!";
  while (chomp ($line = <STATS>)) {
    if ($. > 2) {
      ($m, $line) = split(' ', $line, 2);
      if ($m eq "T") {
        ($msgsfr, $bytesfr, $msgsto, $bytesto) = (split (/ +/, $line))[0,1,2,3];
cho

Re: [clamav-users] clamav-mirror.sonic.net

2013-07-02 Thread A K Varnell
On Oct 12, 2012, at 7:49 AM, Joel Esler  wrote:
> On Oct 11, 2012, at 3:45 AM, Al Varnell  wrote:
>> I think it may be time to decommission this US Mirror, which is located only
>> a few miles away from my location and has been a problem for years.  It
>> doesn't seem to be listed any more on the status page
>> , but it is listed on
>> db.us.big.clamav.net and still comes up every few days.
>> 
>> Mirror #5
>> IP: 69.12.162.28
>> Successes: 0
>> Failures: 21
>> Last access: Mon Apr  2 07:45:04 2012
>> Ignore: No

> We actually don't have this IP in the rotation at all.  
> 
> --
> Joel Esler

Sorry to have to bring this up again after all this time, but it seems to be a 
small issue again.

As you can see it's back in the rotation again:

> $ host database.clamav.net
> database.clamav.net is an alias for db.local.clamav.net.
> db.local.clamav.net is an alias for db.us.rr.clamav.net.
> db.us.rr.clamav.net has address 64.22.33.90
> db.us.rr.clamav.net has address 69.12.162.28
> db.us.rr.clamav.net has address 150.214.142.197
> db.us.rr.clamav.net has address 194.186.47.19
> db.us.rr.clamav.net has address 207.57.106.31

then:

> $ /usr/local/clamXav/bin/freshclam --list-mirrors
> Mirror #3
> IP: 69.12.162.28
> Successes: 23
> Failures: 0
> Last access: Tue Jun 25 07:45:21 2013
> Ignore: No
> -

From my freshclam.log there have been four attempts to use that mirror since 
Apr 25, three successes and only this failure:

> ClamAV update process started at Sat Jun 22 13:47:35 2013
> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: 
> sven)
> connect_error: getsockopt(SO_ERROR): fd=6 error=61: Connection refused
> Can't connect to port 80 of host database.clamav.net (IP: 69.12.162.28)

That mirror is not included on your mirror status site 


Another user notified me that he had a failure with this mirror yesterday, so 
I've been trying to do a trace route on it over the last 24 hours and it times 
out after hitting "mirrors.200p-sf.sonic.net (69.12.162.27)" so it's apparently 
down.

So here are a few questions:

- Is clamav-mirror.sonic.net still in the rotation?

- Is it reliable enough to retain it and if so can it be added back to the 
mirror status page?

- What's the current rule on when an error is counted as a failure in 
mirrors.dat?


-Al-
-- 
Al Varnell
Mountain View, CA



Re: [clamav-users] Clamav configuration

2014-01-14 Thread tejas sarade
TCPAddr is the IP address the ClamAV daemon listens on. It should be set to
127.0.0.1 as long as you are not using the ClamAV server to accept files to
scan from other hosts.


On Thu, Jan 9, 2014 at 3:13 PM, Joshua Soulwin Malayappan <
joshua_malayap...@infosys.com> wrote:
>
> Hi,
>
> Can you please let me know the configurations needed to be done in
> clamd.conf after installing clamav.
>
> I went through the site
> http://solutionsfox.com/2011/04/install-clamav-on-redhat-or-centos/
> And it was given as
>
> TCPAddr 127.0.0.1
> TCPSocket 3310
> User root
> MaxThreads 30
>
> Can you please help me out by explaining what TCPAddr I should configure
> here.
> Thanks in advance.
>
> Regards,
> Josh
>
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
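
The advice above, turned into a check that can be run over a clamd.conf, as an added example (not code from the posters or the ClamAV project): it flags a TCP listener that is not bound to loopback and a daemon left running as root. The sample input is the four lines quoted in the question; the function names and finding texts are this example's own.

```python
import ipaddress

# Constructed sample: the four clamd.conf lines quoted in the question.
CLAMD_CONF = """\
TCPAddr 127.0.0.1
TCPSocket 3310
User root
MaxThreads 30
"""


def directives(conf_text):
    """Parse 'Name value' lines into {name: [values]} (TCPAddr may repeat)."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            found.setdefault(parts[0], []).append(value)
    return found


def is_loopback(addr):
    """True for localhost and loopback literals such as 127.0.0.1 or ::1."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other host names cannot be checked offline


def audit(conf_text):
    """Return a list of findings about network exposure and privileges."""
    conf = directives(conf_text)
    findings = []
    if "TCPSocket" in conf:
        addrs = conf.get("TCPAddr", [])
        if not addrs:
            findings.append("TCPSocket is set without TCPAddr; set TCPAddr "
                            "explicitly so the listening address does not "
                            "depend on the clamd default")
        for addr in addrs:
            if not is_loopback(addr):
                findings.append(f"TCPAddr {addr} is not loopback; other hosts "
                                "can reach clamd's TCP port")
    user = conf.get("User", [None])[-1]
    if user in (None, "root"):
        findings.append("clamd does not drop to an unprivileged account "
                        f"(User is {user or 'unset'})")
    return findings


if __name__ == "__main__":
    for finding in audit(CLAMD_CONF):
        print("FINDING:", finding)
```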

