Re: Re[2]: [Declude.Virus] Second Scanner
I also use Terry's runclamscan with no issues. I have had rare email melt downs when I was running runclamd. I could never pin it firmly on anything. So I stopped the runclamd to see how it handles. - Original Message - From: "David Sullivan" <[EMAIL PROTECTED]> To: Sent: Saturday, June 04, 2005 1:18 PM Subject: Re[2]: [Declude.Virus] Second Scanner Hello Scott, Friday, June 3, 2005, 10:48:47 PM, you wrote: SF> One last ClamAV comment... SF> I've added the command line switch --max-ratio 0 SF> I've had some false positives on some .zip files that forced me to add the SF> switch. Thanks for the info. I've been running clam now with Terry's runclamscan since last night on 2 machines. At one point on each machine started getting these errors in the Declude Virus file: 06/04/2005 14:06:54 Qed820cb43917 ERROR: Virus scanner 2 didn't finish after 60 seconds; terminating. 06/04/2005 14:06:54 Qed820cb43917 WARNING: Couldn't remove .vir directory o:\spool\Ded820cb43917.vir\: SHARING VIOLATION. 06/04/2005 14:06:54 Qed820cb43917 Likely problem: An on-access scanner is interfering; disable or set not to scan subdirectories off of \IMail\spool. Then, they balloon to ones like this: 06/04/2005 14:07:25 Qed87026a0076c30a ERROR: Could not move virus-infected E-mail! Code: 32 0 o:\spool\Ded87026a0076c30a.SMD L:\virustrap\Ded87026a0076c30a.SMD. Re-trying. 06/04/2005 14:07:26 Qed82035200bac2f1 ERROR: Could not move virus-infected E-mail! Code: 32 0 o:\spool\Ded82035200bac2f1.SMD L:\virustrap\Ded82035200bac2f1.SMD. Re-trying. 06/04/2005 14:07:26 Qed8402890066c2fa ERROR: Could not move virus-infected E-mail! Code: 32 0 o:\spool\Ded8402890066c2fa.SMD L:\virustrap\Ded8402890066c2fa.SMD. Re-trying. It took a reboot of both machines to fix the problem. On one I had 288 process running which fouls everything else up. Clam is SCANNER2 Any ideas? -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.Virus] Second Scanner
Just out of curiosity, what declude version are you using? I have a related problem with my second scanner (bitdefender) and I am using declude beta. I am testing things now going back to the last non beta declude version 2.06 Luis > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of David Sullivan > Sent: Sábado, 04 de Junio de 2005 01:18 p.m. > To: Declude.Virus@declude.com > Subject: Re[2]: [Declude.Virus] Second Scanner > > Hello Scott, > > Friday, June 3, 2005, 10:48:47 PM, you wrote: > > SF> One last ClamAV comment... > > SF> I've added the command line switch --max-ratio 0 > SF> I've had some false positives on some .zip files that forced me to add > the > SF> switch. > > Thanks for the info. I've been running clam now with Terry's > runclamscan since last night on 2 machines. At one point on each > machine started getting these errors in the Declude Virus file: > > 06/04/2005 14:06:54 Qed820cb43917 ERROR: Virus scanner 2 didn't finish > after 60 seconds; terminating. > 06/04/2005 14:06:54 Qed820cb43917 WARNING: Couldn't remove .vir > directory o:\spool\Ded820cb43917.vir\: SHARING VIOLATION. > 06/04/2005 14:06:54 Qed820cb43917 Likely problem: An on-access scanner > is interfering; disable or set not to scan subdirectories off of > \IMail\spool. > > Then, they balloon to ones like this: > > 06/04/2005 14:07:25 Qed87026a0076c30a ERROR: Could not move virus-infected > E-mail! Code: 32 0 o:\spool\Ded87026a0076c30a.SMD > L:\virustrap\Ded87026a0076c30a.SMD. Re-trying. > 06/04/2005 14:07:26 Qed82035200bac2f1 ERROR: Could not move virus-infected > E-mail! Code: 32 0 o:\spool\Ded82035200bac2f1.SMD > L:\virustrap\Ded82035200bac2f1.SMD. Re-trying. > 06/04/2005 14:07:26 Qed8402890066c2fa ERROR: Could not move virus-infected > E-mail! Code: 32 0 o:\spool\Ded8402890066c2fa.SMD > L:\virustrap\Ded8402890066c2fa.SMD. Re-trying. > > It took a reboot of both machines to fix the problem. On one I had 288 > process running which fouls everything else up. Clam is SCANNER2 > > Any ideas? > -- > Best regards, > Davidmailto:[EMAIL PROTECTED] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > __ > [Email scanned for viruses by Panda Consulting -www.pandacons.com-] > [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] __ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.Virus] Second Scanner
One other ClamAV tip. If you can afford the performance hit and can use PRESCAN OFF, clamav will be a very effective Phish blocker. - Original Message - From: "David Sullivan" <[EMAIL PROTECTED]> To: Sent: Friday, June 03, 2005 3:20 PM Subject: Re[2]: [Declude.Virus] Second Scanner Hello Terry, Friday, June 3, 2005, 3:26:33 PM, you wrote: How can I figure out if freshclam is grabbing the latest defs? TF> I set up a scheduled task update_clamav to run every 2 hours or so: TF> start in: c:\clamav-devel\bin\ TF> run: freshclam.exe --quiet -l c:\clamav-devel\log\freshclam.log Works like a charm. TF> Then I can check the freshclam.log file. Looks good. I have "Rundclamd" running as a service under LocalSystem. Should I set the startup type to "Automatic" or leave it at "Manual"? TF> Mine is set to automatic. Done Now have clam setup as Scanner2. Am I to assume that anything showing up in the runclamscan.log is something that got by Fprot? -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.Virus] Second Scanner
P.S. You can schedule freshclam often because it makes a DNS call to determine if there is a new version of the database, it will only download if that DNS result tells it to. Very efficient. I schedule freshclam every 15 minutes. - Original Message - From: "David Sullivan" <[EMAIL PROTECTED]> To: "Terry Fritts" Sent: Friday, June 03, 2005 11:14 AM Subject: Re[2]: [Declude.Virus] Second Scanner Hello Terry, TF> ClamAV - TF> http://www.sosdg.org/clamav-win32/index.php TF> Get my utilities: runclamd, runclamdscan TF> http://www.smartbusiness.com/imail/declude/ TF> Set up a scheduled task to periodically run freshclam to keep the TF> database update. TF> Works extremely well for us. Thanks, I'll give it a try. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.Virus] Second Scanner
I use ClamAV (with Runclamscan/Runclamd) as my second scanner and it works great. The only downside is it is a resource hog (but still worth it.) If and when you move to AV/JM 2.0.6.16, consider using the new directive EXITSCANONVIRUSDETECT. It has helped. John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan Sent: Friday, June 03, 2005 11:14 AM To: Terry Fritts Subject: Re[2]: [Declude.Virus] Second Scanner Hello Terry, TF> ClamAV - TF> http://www.sosdg.org/clamav-win32/index.php TF> Get my utilities: runclamd, runclamdscan TF> http://www.smartbusiness.com/imail/declude/ TF> Set up a scheduled task to periodically run freshclam to keep the TF> database update. TF> Works extremely well for us. Thanks, I'll give it a try. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
