Re: [toaster] clamav 0.90 patches up
Bill Shupp wrote:
>> I do have this side-effect also. I added LogTime to the file, and first of the lines has the time, but the second one does not.
>
> I'm seeing this as well. I suspect the shared/output.c patch might be responsible, I'll look more closely when I have time.

It appears the stderr patch is no longer needed. I removed the patch, and commented out the LogFile directive in clamd.conf, and it's logging correctly now. Thanks to Eric Shubert for pointing this out.

Regards,

Bill

Re: [toaster] clamav 0.90 patches up
Sam Laffere wrote:
> I am still running as clamav. I did not need to make any changes here.

This is correct. There is no need to run as simscan in the default setup.

>> Second, there is a strange side-effect in /var/log/clamd/current. Each line of clamd is being logged twice.
>
> I do have this side-effect also. I added LogTime to the file, and first of the lines has the time, but the second one does not.

I'm seeing this as well. I suspect the shared/output.c patch might be responsible, I'll look more closely when I have time.

>> Third, I have to mention that simscan 1.2 did not work, but simscan-1.3.1 does work very well.
>
> I am still running simscan 1.2. No problems yet.

Same here.

Regards,

Bill

Re: [toaster] clamav 0.90 patches up
Bill,

Thanks for the updated files. I just upgraded my installation, and wanted to post what I found.

Claas Langbehn wrote:
> First of all, I needed to run clamd as user simscan, as adding clamav to the group simscan did not help. I think it is because setuidgid drops additional groups. Now it works. See my /var/qmail/supervise/clamd/run:

I am still running as clamav. I did not need to make any changes here.

> Second, there is a strange side-effect in /var/log/clamd/current. Each line of clamd is being logged twice.

I do have this side-effect also. I added LogTime to the file, and first of the lines has the time, but the second one does not.

> Third, I have to mention that simscan 1.2 did not work, but simscan-1.3.1 does work very well.

I am still running simscan 1.2. No problems yet.

Sam

Re: [toaster] clamav 0.90 patches up
Hello Bill,

I just tried the three patches and I want to give you some feedback:

First of all, I needed to run clamd as user simscan, as adding clamav to the group simscan did not help. I think it is because setuidgid drops additional groups. Now it works. See my /var/qmail/supervise/clamd/run:

    #!/bin/sh
    exec /usr/local/bin/setuidgid simscan /usr/local/sbin/clamd 2>&1

Second, there is a strange side-effect in /var/log/clamd/current. Each line of clamd is being logged twice.

Third, I have to mention that simscan 1.2 did not work, but simscan-1.3.1 does work very well.

Many regards,

claas

Re: [toaster] clamav 0.90 patches up
Hello,

one more strange thing: Even though the infected emails are detected, simscan throws up an error before.

    simscan: connect error 2
    simscan:[4367]:VIRUS:0.0688s:Eicar-Test-Signature:81.169.123.251::[EMAIL PROTECTED]:

Does anyone know what connect error 2 is about?

- Claas

Re: [toaster] clamav 0.90 patches up
Good Morning!

> simscan: connect error 2

I found out what causes this. There is a P0F function that is not documented yet. You can deactivate it by adding NOP0FCHECK=1 to your /home/vpopmail/etc/tcp.smtp and running qmailctl cdb afterwards. For example:

    :allow,QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"

claas

Re: [toaster] clamav 0.90 patches up
I had to go back to 0.88.x as CPU usage becomes extremely high and clamd hangs. Does anyone have the same problem?

Tonino

At 19.39 14/02/2007, you wrote:
> I've posted patches for clamav 0.90 for use with the standard toaster install:
>
> http://shupp.org/patches/clamav-0.90-conf.patch
> http://shupp.org/patches/clamav-0.90-freshclamconf.patch
> http://shupp.org/patches/clamav-0.90-stderr.patch
>
> Thanks to Dave Watson and Stephan Seitz, both of whom submitted updated 0.90 versions of the stderr patch.
>
> I've installed these patches on my system, and they are working as expected. Has anyone tried out the new experimental anti-phishing features yet?
>
> The Toaster documentation has not yet been updated with these patch versions, but that'll happen this week. I'm just about done porting it to DocBook format, with embedded gettext support for easy translation maintenance. I'll be releasing the DocBook files, PHP wrapper classes, and related scripts for anyone that finds them useful.
>
> Regards,
>
> Bill

Re: [toaster] clamav 0.90 patches up
At 18.10 18/02/2007, you wrote:
> I had to go back to 0.88.x as CPU usage becomes extremely high and clamd hangs. Does anyone have the same problem?

I use FreeBSD. Clamav docs say on FreeBSD and Solaris 0.90 has serious problems.

Tonino

> Tonino
>
> At 19.39 14/02/2007, you wrote:
>> I've posted patches for clamav 0.90 for use with the standard toaster install:
>>
>> http://shupp.org/patches/clamav-0.90-conf.patch
>> http://shupp.org/patches/clamav-0.90-freshclamconf.patch
>> http://shupp.org/patches/clamav-0.90-stderr.patch
>>
>> Thanks to Dave Watson and Stephan Seitz, both of whom submitted updated 0.90 versions of the stderr patch.
>>
>> I've installed these patches on my system, and they are working as expected. Has anyone tried out the new experimental anti-phishing features yet?
>>
>> The Toaster documentation has not yet been updated with these patch versions, but that'll happen this week. I'm just about done porting it to DocBook format, with embedded gettext support for easy translation maintenance. I'll be releasing the DocBook files, PHP wrapper classes, and related scripts for anyone that finds them useful.
>>
>> Regards,
>>
>> Bill

Re: [toaster] clamav 0.90 patches up
On Feb 15, 2007, at 2:12 PM, Rick Macdougall wrote:
> One thing to keep in mind, if you are not using the :attach in simcontrol, do NOT enable rip mime in simscan as that will cause clamdscan to basically scan the message and the attachment twice.
>
> Clamav does a very good job of scanning encoded content and attachments all by itself. No need to duplicate effort.

I recently took a look at ripmime to see if it had a setting that would simply dump the attachment filenames without actually creating the attachments. It, unfortunately, does not. I haven't looked at the source to see if it would be possible to build a modified version to accomplish my goals or not.

I guess I could modify my simscan to run ripmime, look at the attachment filenames, and then delete them all before calling clamav. OR, I could simply pass the message file to clamav instead of having it scan the entire directory.

In the case of large attachments, it's a big waste of CPU cycles to scan the entire message twice. I might just skip attachment blocking at this point, and hope that clamav will catch all of the scr and pif crap.

--
Tom Collins - [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/

Re: [toaster] clamav 0.90 patches up
On Feb 14, 2007, at 10:39 AM, Bill Shupp wrote:
> I've installed these patches on my system, and they are working as expected.

Bill,

Have you (or anyone for that matter) seen any performance improvements from the new version? I noticed this line from the Release Notes:

    The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments.

I'm hoping that an upgrade will help system performance in times where it used to get bogged down when virus scanning.

--
Tom Collins - [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/

Re: [toaster] clamav 0.90 patches up
Tom Collins wrote:
> On Feb 14, 2007, at 10:39 AM, Bill Shupp wrote:
>> I've installed these patches on my system, and they are working as expected.
>
> Bill,
>
> Have you (or anyone for that matter) seen any performance improvements from the new version? I noticed this line from the Release Notes:
>
>     The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments.
>
> I'm hoping that an upgrade will help system performance in times where it used to get bogged down when virus scanning.

I haven't noticed anything yet, but my hosting system is fairly low traffic. I'll have a better idea once I roll it out to some clients with much heavier smtp traffic.

Regards,

Bill

Re: [toaster] clamav 0.90 patches up
Tom Collins wrote:
> On Feb 14, 2007, at 10:39 AM, Bill Shupp wrote:
>> I've installed these patches on my system, and they are working as expected.
>
> Bill,
>
> Have you (or anyone for that matter) seen any performance improvements from the new version? I noticed this line from the Release Notes:
>
>     The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments.
>
> I'm hoping that an upgrade will help system performance in times where it used to get bogged down when virus scanning.

It seems quite a bit faster here, and my overall load averages are quite a bit lower.

One thing to keep in mind, if you are not using the :attach in simcontrol, do NOT enable rip mime in simscan as that will cause clamdscan to basically scan the message and the attachment twice.

Clamav does a very good job of scanning encoded content and attachments all by itself. No need to duplicate effort.

Regards,

Rick

Re: [toaster] clamav 0.90 patches up
[EMAIL PROTECTED] wrote:
> Hi Bill,
>
> When I upgraded Clamav to 0.90 on my toaster box, I can't receive any mail.
>
> /var/log/qmail/smtpd/current says:
> ERROR: Parse error at line 39: Option LogClean requires boolean argument.
>
> /var/log/clamd/current says:
> ERROR: Parse error at line 39: Option LogClean requires boolean argument.
> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
>
> Then I returned to Clamav 0.88.4. It is working. Any idea for 0.90?
>
> Thanks,
> YC
>
>> I've posted patches for clamav 0.90 for use with the standard toaster install:
>>
>> http://shupp.org/patches/clamav-0.90-conf.patch
>> http://shupp.org/patches/clamav-0.90-freshclamconf.patch
>> http://shupp.org/patches/clamav-0.90-stderr.patch
>>
>> Thanks to Dave Watson and Stephan Seitz, both of whom submitted updated 0.90 versions of the stderr patch.
>>
>> I've installed these patches on my system, and they are working as expected.

Remove /usr/local/etc/clamd.conf, then make install the new clamav; it works.

--
Ahmet YAZICI
In general, avoiding problems is better than solving them.

Re: [toaster] clamav 0.90 patches up
Ahmet YAZICI wrote:
> [EMAIL PROTECTED] wrote:
>> Hi Bill,
>>
>> When I upgraded Clamav to 0.90 on my toaster box, I can't receive any mail.
>>
>> /var/log/qmail/smtpd/current says:
>> ERROR: Parse error at line 39: Option LogClean requires boolean argument.
>>
>> /var/log/clamd/current says:
>> ERROR: Parse error at line 39: Option LogClean requires boolean argument.
>> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
>>
>> Then I returned to Clamav 0.88.4. It is working. Any idea for 0.90?
>
> Remove /usr/local/etc/clamd.conf, then make install the new clamav; it works.

Yeah, this is actually what I did as well. I should add a note for that when I update the docs.

Regards,

Bill

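Added example, not part of the original thread and not ClamAV or toaster code: a pre-upgrade check that lists the directives in a clamd.conf that carry no argument, on the assumption that such bare directives are what 0.90 rejects with "requires boolean argument" (LogClean at line 39 in the report above). The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: list directives in a clamd.conf that carry no argument.
# Assumption: these bare, old-style flags are the lines clamd 0.90 rejects
# with "Option X requires boolean argument", as in the LogClean report.

# find_bare_options FILE -> prints "LINE:Option" for each bare directive
find_bare_options() {
    awk '
        { sub(/\r$/, "") }            # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }       # skip comments and blank lines
        NF == 1 { print NR ":" $1 }   # directive name with nothing after it
    ' "$1"
}

# Constructed sample input (not a real toaster config).
sample_conf() {
    cat <<'EOF'
# constructed pre-0.90 style clamd.conf
LogFile /var/log/clamd/clamd.log
LogTime
LogClean
LocalSocket /tmp/clamd

Foreground
User clamav
FixStaleSocket yes
EOF
}

# Run the check over the sample; an empty result means nothing to convert.
check_sample() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    find_bare_options "$tmp"
    rm -f "$tmp"
}

check_sample
```

Run against a copy of the old /usr/local/etc/clamd.conf, the reported line numbers line up with the ones in clamd's parse errors, which helps carry local settings over to the freshly installed file.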