Re: clamav out of date?!
On Sat, Mar 24, 2007 at 07:35:26PM +0100, the unit calling itself Marc Balmer wrote: > J Moore wrote: > >LibClamAV warning - this version of the ClamAV engine is outdated > > this is a ports@openbsd.org question. You are correct. Perhaps if I re-post the question there the maintainer will tell us when clamav will be updated in the 4.0 ports tree. Rgds, Jay
Re: error building unrar 3.54p0
On Wed, Aug 02, 2006 at 11:02:08AM +0200, the unit calling itself Marc Espie wrote: > > > 3) both ftp sites *and* local packages can be specified in PKG_PATH > > Of course ;-) > > > > So perhaps if I had followed this sequence I could have avoided the > > problems I encountered: > > > > # setenv PKG_PATH > > ftp://ftp3.usa.openbsd.org/pub/OpenBSD/3.9/packages/i386/;/usr/ports/packages/i386/all > > Nope. What is that ; ? Use : to separate elements, as usual. pkg_add is smart > enough to desambiguate ftp:// from path separators. thanks... the ";" is the same thing as "desambiguate" - a typo :) The following seems to work for me: # setenv PKG_PATH ftp://ftp3.usa.openbsd.org/pub/OpenBSD/3.9/packages/i386/:/usr/ports/packages/i386/all/ > Note that, in most cases, you can use `make update' to update the installation > of existing packages. `make update FORCE_UPDATE=Yes' will even force the > update with precisely -F update -F updatedepends -F installed > > I'll make a note to add a quick description of make update to ports(7), since > it's currently documented in bsd.port.mk(5), which is a bit too much for > the average user Yes... I'm quite sure I would have never found it there ;) Best Rgds, J PS: ports and package management have come an incredibly long way since 2.6. I understand you are largely responsible for these improvements - many thanks for your hard work!
Re: error building unrar 3.54p0
On Tue, Aug 01, 2006 at 05:59:04PM +0200, the unit calling itself Nikolay Sturm wrote: > > This worked well for the most part - the exceptions being unrar & > > unarj; a couple of archivers required by clamav. The pkg_add update > > said it couldn't upgrade those packages. As I understand it, pkg_add > > doesn't work with these apps due to some political/licensing issue - > > they are provided as ports ONLY (not packages). > > pkg_add works perfectly fine with these packages, they are just not > provided by OpenBSD. That means you have to build the packages yourself > and then pkg_add -r and -u will work, assuming your PKG_PATH environment > variable is set correctly or you use absoulte pathnames. > > BTW: Providing details means as well to provide exact comand lines and > error messages. Interpretations of error messages are basically useless. Yes - in many cases you are correct. So here's what did finally work: # pkg_add -r /usr/ports/packages/i386/all/unrar-3.54p0.tgz unrar-3.54p0 (extracting): complete unrar-3.43 (deleting): complete unrar-3.54p0 (installing): complete Clean shared items: complete Some things I learned: 1) a successful 'make' produces a package; pkg_create doesn't appear to be required. 2) all "made" packages go to /usr/ports/packages/i386/all 3) both ftp sites *and* local packages can be specified in PKG_PATH So perhaps if I had followed this sequence I could have avoided the problems I encountered: # setenv PKG_PATH ftp://ftp3.usa.openbsd.org/pub/OpenBSD/3.9/packages/i386/;/usr/ports/packages/i386/all # pkg_add -ui -F update -F updatedepends Thnx, J
Re: error building unrar 3.54p0
On Tue, Aug 01, 2006 at 04:45:26PM +0200, the unit calling itself Nikolay Sturm wrote: > > > > Can't install unrar-3.54p0 because of conflicts (unrar-3.43) > > > > > > This is clear, no? > > > > No, I'm afraid it's not... I tried un-installing unrar-3.43, but got a > > warning to the effect that this would also require removal of clamav. > > > > I tried using the new "update" feature of pkg_add for the 3.9 upgrade > > I just completed (as opposed to manually removing and adding). I > > recall that pkg_add punted on updating unrar & unarj. I guess I should > > just stick with the manual removal & add process... > > Well, if you don't provide details, nobody can help you. If you want to > update a single package, use pkg_add -r unrar-3.54p0. I don't think that works in this case... Sorry, I should have provided more details - I didn't realize this was a package-specific problem. So here's the blow-by-blow: I tried the new "update" feature of pkg_add following my 3.8-to-3.9 upgrade. This worked well for the most part - the exceptions being unrar & unarj; a couple of archivers required by clamav. The pkg_add update said it couldn't upgrade those packages. As I understand it, pkg_add doesn't work with these apps due to some political/licensing issue - they are provided as ports ONLY (not packages). So - after doing the "package add w/ update" to upgrade all of my other packages, unrar & unarj have to be upgraded from ports via "make && make install". I checked version numbers & saw that unarj did not need upgrading, but my existing version of unrar was an old one. make completed without incident; make install failed iaw the error message above. Perhaps the solution is to rip out clamav, and go through the whole mess of other dependencies to get this package upgraded... but I'm hoping there is a better/easier way. Anyway, any advice is appreciated. Thnx, J
Re: error building unrar 3.54p0
On Tue, Aug 01, 2006 at 08:29:21AM +0200, the unit calling itself Nikolay Sturm wrote: > > While attempting 'make install' on a 3.9 stable box, errors were > > encountered. > > > > Where'd I go wrong? > > You didn't read the error message. > > > ===> Building package for unrar-3.54p0 > > ===> Installing unrar-3.54p0 from > > /usr/ports/packages/i386/all/unrar-3.54p0.tgz > > Can't install unrar-3.54p0 because of conflicts (unrar-3.43) > > This is clear, no? No, I'm afraid it's not... I tried un-installing unrar-3.43, but got a warning to the effect that this would also require removal of clamav. I tried using the new "update" feature of pkg_add for the 3.9 upgrade I just completed (as opposed to manually removing and adding). I recall that pkg_add punted on updating unrar & unarj. I guess I should just stick with the manual removal & add process... Jay
error building unrar 3.54p0
While attempting 'make install' on a 3.9 stable box, errors were encountered. Where'd I go wrong? ===> Building package for unrar-3.54p0 ===> Installing unrar-3.54p0 from /usr/ports/packages/i386/all/unrar-3.54p0.tgz Can't install unrar-3.54p0 because of conflicts (unrar-3.43) /usr/sbin/pkg_add: /usr/ports/packages/i386/all/unrar-3.54p0.tgz:Fatal error *** Error code 1 Stop in /usr/ports/archivers/unrar (line 2019 of /usr/ports/infrastructure/mk/bsd.port.mk). Thnx, J
Re: akpop3d questions
On Mon, Nov 28, 2005 at 12:34:05PM +1100, the unit calling itself Ian McWilliam wrote: > > On 28 Nov 2005, at 8:18 AM, J Moore wrote: > > >Ian, > > > >Hope you'll excuse my persistence, but I'm still struggling with > >akpop3d. I may be confused, but here's how I see my choices: > > > >1. chgrp mail /var/mail (after adding mail as a group) > >2. akpop3d -g wheel (give akpop3 wheel privileges ?) > > > > Not really the port needs fixing some what. Try the attached tar ball. > > The port now creates a group _akpop3d and the lock files writable by > the _akpop3d group. > You will need to make /var/mail group writable, leave the permissons > on /var/mail as root:wheel (the default). > The command line I've used for simple testing is > > /usr/local/sbin/akpop3d -d -s -c /etc/ssl/server.crt -k /etc/ssl/ > private/server.key Ian, I'm groggy, but I think this fixes it. I plan to start using it in a day or two & will let you know if I see anything. Many thanks, and it looks like you may have inherited a port :) Oh - I tried to create a diff between the tarball you sent, and the stuff in the tree... it was pretty ugly, and didn't seem to apply. diff -u -p -r /.../ians_akpop3d /usr/ports/mail/akpop3d > ian.patch Jay
Re: akpop3d questions
On Thu, Nov 24, 2005 at 07:17:54PM +1100, the unit calling itself Ian McWilliam wrote: > > > >The culprit seems to be the "group not found" error... WTF, O?? > > > > OK, It looks like the port needs some work as it doesn't handle the > default group name. > > main.c:# define DEFAULT_GROUP_NAME "mail" > > It appears that this can be changed with a command line arg. True, but running it wit '-g wheel' does not solve the problem. > > main.c: case 'g': group_name = optarg; break; > > It looks like the groupname is used as an argument to lock the users > mail box. << snip >> > yup, it then fchowns the lock file > > lock_maildrop.c: fchown(fd,uid,gid); > > So I would assume on other unix systems /var/mail is group mail by > default, maybe??. > > if you want to add mail to the /etc/group file This doesn't seem to work... akpop3d writes a lockfile to /var/mail, but it doesn't delete it when it finishes. I seem to be the only one interested in trying to fix this... the maintainer hasn't replied in over a week, and the other advice I've gotten has ranged from "try another package" to "you're too stupid, so I won't explain it to you". I may be stupid, but if someone will try to explain what changes are needed, I'll try to come up with a patch. At the very least, I'll test the friggin' thing so there won't be dysfunctional crap in the ports tree. Jay
Re: akpop3d questions
On Thu, Nov 24, 2005 at 08:49:25AM +0100, the unit calling itself Xavier Santolaria wrote: > so spake J Moore on Thu, Nov 24, 2005 at 07:40:24AM CET: > [...] > > > The culprit seems to be the "group not found" error... WTF, O?? > > > > > > 23:17:13.312 << 0009 USER jm\0D\0A > > > 23:17:13.359 >> 0005 +OK\0D\0A > > > 23:17:13.359 << 0017 PASS abcdefghij\0D\0A > > > 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A > > > 23:17:20.718 << 0006 QUIT\0D\0A > > > 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data > > > was read because the remote system closed the connection (recv() == 0)') > > > --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. --- > > > > What is this group "mail"...? > > http://marc.theaimsgroup.com/?t=11320426661&r=1&w=2 OK - I didn't see this when I Google'd last night - thanks! ... guess the port maintainer is too busy. > > How does it get set up? > > Why is it not addressed in the docs od the instructions? >
Re: akpop3d questions
On Thu, Nov 24, 2005 at 07:17:54PM +1100, the unit calling itself Ian McWilliam
wrote:
> >
> >Perhaps some fwd progress... got cert & key files installed, but I am
> >bombing during the authentication process. Following is part of the
> >debug output from my client. I double-checked the password value, and
> >it's correct (changed here, but my client's log shows it correctly).
> >
> >The culprit seems to be the "group not found" error... WTF, O??
> >
> >23:17:13.312 << 0009 USER jm\0D\0A
> >23:17:13.359 >> 0005 +OK\0D\0A
> >23:17:13.359 << 0017 PASS abcdefghij\0D\0A
> >23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A
> >23:17:20.718 << 0006 QUIT\0D\0A
> >23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data
> >was read because the remote system closed the connection (recv() ==
> >0)')
> >--- Connection closed normally at Wed, 23 Nov 2005 23:17:20. ---
> >
>
> OK, It looks like the port needs some work as it doesn't handle the
> default group name.
>
> main.c:# define DEFAULT_GROUP_NAME "mail"
>
> It appears that this can be changed with a command line arg.
It can - that's how I finally got it to work. According to man akpop3d,
-g groupID does it. (and apparently I'm confused - I thought group ID
was the number, but akpop3d wants the group name, ... whatever)
> main.c: case 'g': group_name = optarg; break;
>
> It looks like the groupname is used as an argument to lock the users
> mail box.
>
> pop3_session.c.orig: g_inf = getgrnam("mail");
> pop3_session.c.orig: if (g_inf==NULL) {
> pop3_session.c.orig: if (setegid(g_inf->gr_gid)!=0 && real_username
> [0] == 0) {
> pop3_session.c.orig:syslog(LOG_ERR,"%s: %u: %s","setegid()
> failed",g_inf->gr_gid,strerror(errno));
> pop3_session.c.orig: if (setgid(g_inf->gr_gid)!=0 && real_username
> [0] == 0) {
> pop3_session.c.orig:syslog(LOG_ERR,"%s: %u: %s","setgid()
> failed",g_inf->gr_gid,strerror(errno));
> pop3_session.c.orig: if ((rc=lock_maildrop(maildrop,u_inf-
> >pw_uid,g_inf->gr_gid))<=0)
>
> yup, it then fchowns the lock file
>
> lock_maildrop.c: fchown(fd,uid,gid);
>
> So I would assume on other unix systems /var/mail is group mail by
> default, maybe??.
That may be... I checked a FreeBSD and a Linux (Fedora) box - both
listed "mail" as the group for /var/mail. So OpenBSD would appear to be
in a minority position.
> if you want to add mail to the /etc/group file
>
> man -k groupadd
>
> groupadd (8) - add a group to the system
I thought about this, but wouldn't you actually have to change group
ownership of /var/mail to group "mail" for this to make any difference?
And if you did this, wouldn't you risk breaking something else?
Thanks for the insight,
Jay
Re: akpop3d questions
On Wed, Nov 23, 2005 at 11:28:47PM -0600, the unit calling itself J Moore wrote: > On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J Moore > wrote: > > I need to set up a POP3 server for a while, and after a quick survey, > > akpop3d seemed like a good choice - partly because it supports POP3 via > > SSL. So I built it from the ports tree (3.8 -stable), and installed it. > > > > I am currently starting from the command line as follows: > > # akpop3d -d -s > > > > Attempts to connect result in immediate complaints from the client (I've > > tried two of them: Evolution (Linux) and Pegasus (Windoze). > > > > I'm assuming this is due to the fact that I have no cert or key file > > installed or generated? > > > > Before I invest any more time in this, I thought I'd ask if anyone else > > is using akpop3d, what the consensus of opinion is on it, and if there > > is any documentation on how to generate the .pem (Base64-encoded?) cert > > and key files. > > Perhaps some fwd progress... got cert & key files installed, but I am > bombing during the authentication process. Following is part of the > debug output from my client. I double-checked the password value, and > it's correct (changed here, but my client's log shows it correctly). > > The culprit seems to be the "group not found" error... WTF, O?? > > 23:17:13.312 << 0009 USER jm\0D\0A > 23:17:13.359 >> 0005 +OK\0D\0A > 23:17:13.359 << 0017 PASS abcdefghij\0D\0A > 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A > 23:17:20.718 << 0006 QUIT\0D\0A > 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data > was read because the remote system closed the connection (recv() == 0)') > --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. --- What is this group "mail"...? How does it get set up? Why is it not addressed in the docs od the instructions? Thnx, Jay
Re: akpop3d questions
On Wed, Nov 23, 2005 at 10:08:13PM -0600, the unit calling itself J Moore wrote: > I need to set up a POP3 server for a while, and after a quick survey, > akpop3d seemed like a good choice - partly because it supports POP3 via > SSL. So I built it from the ports tree (3.8 -stable), and installed it. > > I am currently starting from the command line as follows: > # akpop3d -d -s > > Attempts to connect result in immediate complaints from the client (I've > tried two of them: Evolution (Linux) and Pegasus (Windoze). > > I'm assuming this is due to the fact that I have no cert or key file > installed or generated? > > Before I invest any more time in this, I thought I'd ask if anyone else > is using akpop3d, what the consensus of opinion is on it, and if there > is any documentation on how to generate the .pem (Base64-encoded?) cert > and key files. Perhaps some fwd progress... got cert & key files installed, but I am bombing during the authentication process. Following is part of the debug output from my client. I double-checked the password value, and it's correct (changed here, but my client's log shows it correctly). The culprit seems to be the "group not found" error... WTF, O?? 23:17:13.312 << 0009 USER jm\0D\0A 23:17:13.359 >> 0005 +OK\0D\0A 23:17:13.359 << 0017 PASS abcdefghij\0D\0A 23:17:13.500 >> 0033 -ERR [SYS/TEMP] group not found\0D\0A 23:17:20.718 << 0006 QUIT\0D\0A 23:17:20.718 18: SSL read error -41 (locus 0, type 0, code 0, 'No data was read because the remote system closed the connection (recv() == 0)') --- Connection closed normally at Wed, 23 Nov 2005 23:17:20. --- Thanks, Jay
akpop3d questions
I need to set up a POP3 server for a while, and after a quick survey, akpop3d seemed like a good choice - partly because it supports POP3 via SSL. So I built it from the ports tree (3.8 -stable), and installed it. I am currently starting from the command line as follows: # akpop3d -d -s Attempts to connect result in immediate complaints from the client (I've tried two of them: Evolution (Linux) and Pegasus (Windoze). I'm assuming this is due to the fact that I have no cert or key file installed or generated? Before I invest any more time in this, I thought I'd ask if anyone else is using akpop3d, what the consensus of opinion is on it, and if there is any documentation on how to generate the .pem (Base64-encoded?) cert and key files. Thnx, Jay
Re: UPDATE: security/clamav
On Sat, Nov 05, 2005 at 11:59:20PM +0100, the unit calling itself Nikolay Sturm wrote: > > Will this show up as a patch to the 3.7 -stable ports tree anytime > > soon, or is it safe just to apply the patch to the 3.7 ports tree? > > This will be applied to 3.7-stable and 3.8-stable as soon as it gets > committed to -current. Cool! I can wait a few days.
Re: UPDATE: security/clamav
Will this show up as a patch to the 3.7 -stable ports tree anytime soon,
or is it safe just to apply the patch to the 3.7 ports tree?
Thnx,
Jay
On Fri, Nov 04, 2005 at 09:02:20PM +0200, the unit calling itself nikns wrote:
> clamav 0.87.1 - security update:
> http://sourceforge.net/project/shownotes.php?release_id=368319
>
>
> ? ports/security/clamav/w-clamav-0.87.1
> Index: ports/security/clamav/Makefile
> ===
> RCS file: /cvs/ports/security/clamav/Makefile,v
> retrieving revision 1.8.2.2
> diff -u -r1.8.2.2 Makefile
> --- ports/security/clamav/Makefile1 Nov 2005 11:50:23 - 1.8.2.2
> +++ ports/security/clamav/Makefile4 Nov 2005 19:15:30 -
> @@ -1,8 +1,7 @@
> # $OpenBSD: Makefile,v 1.8.2.2 2005/11/01 11:50:23 sturm Exp $
>
> COMMENT= "free virus scanner"
> -DISTNAME=clamav-0.87
> -PKGNAME= ${DISTNAME}p0
> +DISTNAME=clamav-0.87.1
> CATEGORIES= security
>
> HOMEPAGE=http://www.clamav.net/
> Index: ports/security/clamav/distinfo
> ===
> RCS file: /cvs/ports/security/clamav/distinfo,v
> retrieving revision 1.7.2.1
> diff -u -r1.7.2.1 distinfo
> --- ports/security/clamav/distinfo1 Nov 2005 11:22:10 - 1.7.2.1
> +++ ports/security/clamav/distinfo4 Nov 2005 19:15:30 -
> @@ -1,4 +1,4 @@
> -MD5 (clamav-0.87.tar.gz) = dd0a12deb4f48f760fa1fcd378ae7c24
> -RMD160 (clamav-0.87.tar.gz) = eced1d11a2747ff2ffda6060b959afe00ba21561
> -SHA1 (clamav-0.87.tar.gz) = 783d8bbd7dd956333a5c66c09cef7b2f410e229e
> -SIZE (clamav-0.87.tar.gz) = 4273714
> +MD5 (clamav-0.87.1.tar.gz) = bf9f038edf0b6d5f76552e1b8d014b81
> +RMD160 (clamav-0.87.1.tar.gz) = cc8c4436e2da70955d067b8bbe1610a7d20c4884
> +SHA1 (clamav-0.87.1.tar.gz) = 995f0d70c71455056d5c399b6704e07c42742646
> +SIZE (clamav-0.87.1.tar.gz) = 4468992
Re: clamav documentation question
Please disregard - upon re-reading man clamav-milter, the explanation was in there. clamav now checks the sendmail configuration file before starting. On Sat, Oct 01, 2005 at 10:49:28PM -0500, the unit calling itself J Moore wrote: > On Sat, Oct 01, 2005 at 10:10:23PM +0200, the unit calling itself Marc Balmer > wrote: > > J Moore wrote: > > > > >Older versions (prior to the "official" OpenBSD port) of clamav > > >contained an "INSTALL" file that had some really useful information; > > >e.g. on my 3.6 system this file was: > > > > > >/usr/ports/security/clamav-0.80/pkg/INSTALL > > > > > >Where is the information that was in this file located now? ; i.e. where > > >does the "official" OpenBSD port of clamav locate this file? > > > > It is not included because it is not needed for users of the port. > > Not needed...? I have to assume that you mean building the port > makes the required modifications to the /etc/rc.conf.local & > /etc/rc.local files? Perhaps you can help me with the following: > > I upgraded recently from 3.6 to 3.7, and I'm still trying to figure out > why clamav-milter is failing to start. > > When I do this: > # /usr/local/sbin/clamav-milter --max-children=2 -loNHP -U > /var/clamav/quarantine [EMAIL PROTECTED] > --pidfile=/var/clamav/clamav-milter.pid > local:/var/clamav/clamav-milter.sock > > I get this: > /usr/local/sbin/clamav-milter: socket-addr > (local:/var/clamav/clamav-milter.sock) doesn't agree with sendmail.cf > > I'll concede that this is a true statement. I start sendmail as follows: > > /usr/sbin/sendmail -L sm-mta -C/etc/mail/sendmail-clamav.cf -bd -q30m > > Why does clamav assume sendmail.cf is used? Previous versions of clamav > didn't seem to do this. >
Re: clamav documentation question
On Sat, Oct 01, 2005 at 10:10:23PM +0200, the unit calling itself Marc Balmer wrote: > J Moore wrote: > > >Older versions (prior to the "official" OpenBSD port) of clamav > >contained an "INSTALL" file that had some really useful information; > >e.g. on my 3.6 system this file was: > > > >/usr/ports/security/clamav-0.80/pkg/INSTALL > > > >Where is the information that was in this file located now? ; i.e. where > >does the "official" OpenBSD port of clamav locate this file? > > It is not included because it is not needed for users of the port. Not needed...? I have to assume that you mean building the port makes the required modifications to the /etc/rc.conf.local & /etc/rc.local files? Perhaps you can help me with the following: I upgraded recently from 3.6 to 3.7, and I'm still trying to figure out why clamav-milter is failing to start. When I do this: # /usr/local/sbin/clamav-milter --max-children=2 -loNHP -U /var/clamav/quarantine [EMAIL PROTECTED] --pidfile=/var/clamav/clamav-milter.pid local:/var/clamav/clamav-milter.sock I get this: /usr/local/sbin/clamav-milter: socket-addr (local:/var/clamav/clamav-milter.sock) doesn't agree with sendmail.cf I'll concede that this is a true statement. I start sendmail as follows: /usr/sbin/sendmail -L sm-mta -C/etc/mail/sendmail-clamav.cf -bd -q30m Why does clamav assume sendmail.cf is used? Previous versions of clamav didn't seem to do this.
clamav documentation question
Older versions (prior to the "official" OpenBSD port) of clamav contained an "INSTALL" file that had some really useful information; e.g. on my 3.6 system this file was: /usr/ports/security/clamav-0.80/pkg/INSTALL Where is the information that was in this file located now? ; i.e. where does the "official" OpenBSD port of clamav locate this file? Thnx, Jay
More on clamav errors
I upgraded recently from 3.6 to 3.7, and I'm still trying to figure out why clamav-milter is failing to start. When I do this: # /usr/local/sbin/clamav-milter --max-children=2 -loNHP -U /var/clamav/quarantine [EMAIL PROTECTED] --pidfile=/var/clamav/clamav-milter.pid local:/var/clamav/clamav-milter.sock I get this: /usr/local/sbin/clamav-milter: socket-addr (local:/var/clamav/clamav-milter.sock) doesn't agree with sendmail.cf I'll concede that this is a true statement. I start sendmail as follows: /usr/sbin/sendmail -L sm-mta -C/etc/mail/sendmail-clamav.cf -bd -q30m Why does clamav assume sendmail.cf is used? Previous versions of clamav didn't seem to do this. Thnx, Jay
Re: clamav errors
On Fri, Sep 30, 2005 at 11:47:09AM -0400, the unit calling itself Michael
Erdely wrote:
> On 9/30/05, J Moore <[EMAIL PROTECTED]> wrote:
> > On Thu, Sep 29, 2005 at 09:51:19PM -0400, the unit calling itself Michael
> > Erdely wrote:
> > > Kill clamav-milter, delete the socket file and restart the milter.
> > According to top, clamav_milter is not running!
>
> Hey, then step one is unnecessary.
>
> > How is it supposed to be started?
>
> Reading documentation is a great place to start.
Well, you know, I tried that. When I installed the "unofficial port" for
clamav on my 3.6 box there was a little file in /usr/ports called
"INSTALL". All of the instructions for getting clamav up and running
were there. I deleted clamav pkg just prior to upgrading to 3.7, and
re-installed the "official port" after I upgraded to 3.7. There is no
INSTALL file in ports any longer. I saw no need to change
/etc/rc.conf.local or /etc/rc.local as there were no instructions to
that effect as there were in the previous version. Maybe I've missed
something, but as far as clamav goes it feels like I got a downgrade
rather than an upgrade.
So, please tell me - where is the documentation that spells out the
instructions on how to set up clamav to use the milter? My config files
are provided below. They look OK to me, but obviously I have missed
something.
>
> In my /etc/rc.conf.local:
> ## ClamAV Flags
> freshclam_flags="-d"# for normal use: "-d"
> clamd_flags=NO # for normal use: ""
> clamav_milter_flags="--dont-log-clean --headers --noreject \
> --outgoing --local --quiet \
> --quarantine-dir=/var/clamav/quarantine \
> --pidfile=/var/clamav/clamav-milter.pid \
> local:/var/clamav/clamav-milter.sock"
Here's mine:
clamav_milter="--max-children=2 -loNHP -U /var/clamav/quarantine
[EMAIL PROTECTED]
--pidfile=/var/clamav/clamav-milter.pid
local:/var/clamav/clamav-milter.sock"
> In my /etc/rc.local:
> ## ClamAV
> if [ -f /etc/clamd.conf -a -f /etc/freshclam.conf ]; then
> rm -f /var/clamav/*.pid /var/clamav/*.sock > /dev/null
> if [ X"${freshclam_flags}" != X"NO" -a -x /usr/local/bin/freshclam ]; then
> echo -n ' freshclam'; /usr/local/bin/freshclam ${freshclam_flags}
> sleep 5
> fi
> if [ X"${clamd_flags}" != X"NO" -a -x /usr/local/sbin/clamd ]; then
> echo -n ' clamd'; /usr/local/sbin/clamd ${clamd_flags}
> set clamav_milter_flags="--external --timeout=5 ${clamav_milter_flags}"
> sleep 1
> else
> set clamav_milter_flags="--timeout=0 ${clamav_milter_flags}"
> fi
> if [ X"${clamav_milter_flags}" != X"NO" -a \
> -x /usr/local/sbin/clamav-milter ]; then
> echo -n ' clamav-milter'
> /usr/local/sbin/clamav-milter ${clamav_milter_flags}
> fi
> fi
And mine...
# clamav stuff
if [ -f /etc/clamd.conf -a -f /etc/freshclam.conf ]; then
rm -f /var/clamav/*.pid /var/clamav/*.sock > /dev/null
if [ X"${clamd}" != X"NO" -a -x /usr/local/sbin/clamd ]; then
echo -n 'clamd '; /usr/local/sbin/clamd ${clamd}
sleep 1
if [ X"${clamav_milter}" != X"NO" -a -x
/usr/local/sbin/clamav-milter ]; then
echo -n 'clamav-milter ';
/usr/local/sbin/clamav-milter ${clamav_milter}
fi
fi
if [ X"${freshclam}" != X"NO" -a -x /usr/local/bin/freshclam ];
then
echo -n 'freshclam '; /usr/local/bin/freshclam
${freshclam}
fi
fi
Re: clamav errors
On Thu, Sep 29, 2005 at 09:51:19PM -0400, the unit calling itself Michael Erdely wrote: > Kill clamav-milter, delete the socket file and restart the milter. > According to top, clamav_milter is not running! How is it supposed to be started? Thanks, Jay > On 9/29/05, J Moore <[EMAIL PROTECTED]> wrote: > > I've recently upgraded my system from 3.6 to 3.7. I used clamav (the > > "unofficial port") on 3.6, and after the upgrade installed the > > "official" clamav port for 3.7 > > > > I am getting the following error messages repeatedly in my > > /var/log/maillog file: > > > > Milter (clamav-milter): local socket name /var/clamav/clamav-milter.sock > > unsafe > > > > Milter (clamav-milter): to error state > > > > Any idea what might be going on? > > > > Thanks, > > Jay > > > > > > > -- > http://erdelynet.com/ > Support OpenBSD! http://www.openbsd.org/orders.html >
clamav errors
I've recently upgraded my system from 3.6 to 3.7. I used clamav (the "unofficial port") on 3.6, and after the upgrade installed the "official" clamav port for 3.7 I am getting the following error messages repeatedly in my /var/log/maillog file: Milter (clamav-milter): local socket name /var/clamav/clamav-milter.sock unsafe Milter (clamav-milter): to error state Any idea what might be going on? Thanks, Jay
clamav status
I've seen the clamav security breach notice from SANS, and read the recent threads here in this forum. Given that someone has already identified a diff, when will ver 0.87 be available? Just to opine a bit: 1) I looked forward to clamav being added as an official package/port for OpenBSD. But the result seems to be that changes are slower to be incorporated. Maybe there's a reason for this??? 2) The foolishness with the arc, unarj & unrar packages should be stopped. If these packages can't be included in the OpenBSD package set, then the OpenBSD port of clamav should be configured not to use them. I don't recall ever getting an arc, rar or arj archive in an email attachment; I for one would be most happy to simply strip any such attachments, and send a message back to the sender to "get with the program". V/r, Jay
