To clarify, the milter isn't dying... it's just refusing to accept inputs
(there's a difference). And the issue is with the milter, not with libclamav.
In my case the milter is dying, and needs to be re-started... (started
should I say).
___
h
On Wed, 1 Jun 2005, [EMAIL PROTECTED] wrote:
If the issue is with clamav, the milter should probably not die as a side
effect.
To clarify, the milter isn't dying... it's just refusing to accept
inputs (there's a difference). And the issue is with the milter, not
with libclamav.
Damian Men
If the issue is with clamav, the milter should probably not die as a side
effect.
At 01:51 PM 1/06/2005, you wrote:
Please read my post to this list on Mon, 30 May 2005 10:58:58 -0500 with
subject line Clamav not accepting inputs.
I suppose I should add that to the wiki at some point, though
On Wed, 1 Jun 2005, [EMAIL PROTECTED] wrote:
LibClamAV Warning: Not reloading database until idle - waiting for 2 children
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Not accepting inputs at the moment
... and so
At 01:08 PM 1/06/2005, you wrote:
What are the entries in /var/log/clamd.log (or whatever you
use?)
N.
The last relevant bits:
LibClamAV Warning: Not reloading database until idle - waiting for 2 children
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Not accepting
--- "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Since the last version - ClamAV version 0.85.1,
> clamav-milter version 0.85,
> we are getting constant crashes of clamav-milter, syslog
> errors below:
>
> clamav-milter[10246]: ClamAv: thread_create() failed:
> 12, try again
>
At 12:44 PM 6/1/2005, you wrote:
What OS and version? Did you install from precompiled binaries or
source?
Thomas
Fedora Core 2, compiled form source. This issue was not present in previous
milter versions. Some startup issues were also encountered, but were not
documented when first instal
On Wed, 2005-06-01 at 11:51 +1000, [EMAIL PROTECTED] wrote:
> Hi,
>
> Since the last version - ClamAV version 0.85.1, clamav-milter version 0.85,
> we are getting constant crashes of clamav-milter, syslog errors below:
>
> clamav-milter[10246]: ClamAv: thread_create() failed: 12, try again
Hi,
Since the last version - ClamAV version 0.85.1, clamav-milter version 0.85,
we are getting constant crashes of clamav-milter, syslog errors below:
clamav-milter[10246]: ClamAv: thread_create() failed: 12, try again
clamav-milter[10246]: ClamAv: thread_create() failed: 12, a
On Tue, 31 May 2005 17:07:50 -0700
Jef Poskanzer <[EMAIL PROTECTED]> wrote:
> I saw a mailing list message saying the config file stuff will be
> re-done in version 0.90, does that still apply?
The new parser code has been implemented in CVS. To disable archive
scanning in clamav-devel simple add
On Tue, 31 May 2005, Jef Poskanzer wrote:
Am I correct that there is currently no way to disable ScanArchive?
I've looked at the docs and the code and it seems like it defaults
to on and the config file scanner doesn't allow any keyword to
turn it off.
I saw a mailing list message saying the co
Am I correct that there is currently no way to disable ScanArchive?
I've looked at the docs and the code and it seems like it defaults
to on and the config file scanner doesn't allow any keyword to
turn it off.
I saw a mailing list message saying the config file stuff will be
re-done in version 0.
On Tue, May 31, 2005 at 10:53:12PM +0800, imacat said:
> By the way, most, if not all, of the warnings I received are:
>
> LibClamAV Warning: Not accepting inputs at the moment
> LibClamAV Warning: Accepting inputs again
This particular message is basically going away soon, I beli
Hi,
I would like to thank everybody who gave me some advice while trying to
solve my performance issue.
After introducing clamd and starting the scanning for attachements with
clamdscan performance increased. Scanning an attachement larger than 4
megabyte now takes seconds rather than hours. I on
On Mon, 30 May 2005, Stephen Gran wrote:
The clamav-milter code is scattered liberally with cli_*msg lines, which
do all of this. I am slowly working through a patch set for output
unification that basically dumps all of the work on the logg() function
in shared/output.c It will be up to logg(
On Tue, 31 May 2005, .rp wrote:
When using the -L option, all email from netzero was getting trapped.
Is the bug in clamav-milter or netzero's email server?
ClamAV has no bugs, so it must be netzero's fault. ;)
Seriously, can you get a packet capture of an incoming message from
there? I st
.rp wrote:
> Is there a build anywhere that will run under NT4 ?
There are at least two, Cygwin includes it precompiled in it's packages (works
fine by itself but you may have problems if trying to integrate with a Windows
app), and there's WinClam (or something like that which I don't use).
Als
When using the -L option, all email from netzero was getting trapped.
Is the bug in clamav-milter or netzero's email server?
___
http://lurker.clamav.net/list/clamav-users.html
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20050531 20:09]: wrote:
> Todd Lyons wrote:
> > Odhiambo Washington wanted us to know:
> >
> >>> Please, set the "Debug" flag in your clamd.conf, rescan the sample,
> >>> and send us the logs.
&
* Todd Lyons <[EMAIL PROTECTED]> [20050531 21:19]: wrote:
> Odhiambo Washington wanted us to know:
>
> >Someone said I have disabled ScanPE, which is correct. It's apparent
> >that this was a major factor. It also appears that restarting clamd
> >was necessary
On Tue, 31 May 2005 10:25:19 -0700 in [EMAIL PROTECTED]
Todd Lyons <[EMAIL PROTECTED]> wrote:
> Don't take it personally until an actual developer tells you that
> you're wasting your time. Read the archives, figure out which
> posters are inflammatory, and add them to your plonk list. It mak
.rp wrote:
> Is there a build anywhere that will run under NT4 ?
This is a good place to start looking:
http://www.clamav.net/binary.html#pagestart
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"ma
Is there a build anywhere that will run under NT4 ?
___
http://lurker.clamav.net/list/clamav-users.html
Odhiambo Washington wanted us to know:
>Someone said I have disabled ScanPE, which is correct. It's apparent
>that this was a major factor. It also appears that restarting clamd
>was necessary. I however don't understand why it should be, since
>freshclam does notify it...
Notify it of a new data
* Fajar A. Nugraha <[EMAIL PROTECTED]> [20050531 18:52]: wrote:
> Odhiambo Washington wrote:
>
> >tried it though, and I have the file - image.zip, and some output
> >from the debug file - current.txt, posted here:
> >
> >http://ns2.wananchi.com/~wash
* Securiteinfo.com <[EMAIL PROTECTED]> [20050531 19:33]: wrote:
> Le mardi 31 Mai 2005 17:29, Odhiambo Washington a écrit :
> > * Securiteinfo.com <[EMAIL PROTECTED]> [20050531 16:27]: wrote:
> > > Le mardi 31 Mai 2005 14:58, Odhiambo Washington a écrit :
> > &
Jim Popovitch said:
> On Tue, 2005-05-31 at 09:28 -0700, Dennis Peterson wrote:
>> >
>> > To me, the original javascript IS a virus and SHOULD be reported by
>> > clam(d)scan.
>> >
>> > -Jim P.
>>
>> If this is the case then adding the script to any content filter you run
>> should be a minimum s
Jim Popovitch wanted us to know:
>should be doing for the masses. I'll shutup now since it is all too
>apparent that ppl think I came here to get individual assistance in
>solving a problem rather than to identify a potential oversight in
>clamav.
Don't take it personally until an actual develop
On Tue, 2005-05-31 at 09:28 -0700, Dennis Peterson wrote:
> Jim Popovitch said:
>
> >
> > The javascript will run on any box, linux included. What it does
> > (install .exe, etc.) is only unique to MS Windows. It does this by
> > downloading this file:
> > h--p://69.50.177.102/x155/ind.php
> >
Todd Lyons wrote:
> Odhiambo Washington wanted us to know:
>
>>> Please, set the "Debug" flag in your clamd.conf, rescan the sample,
>>> and send us the logs.
>> I cannot do that on the box where this phenomena is manifesting
>> itself because it's a production box, processing large volumes of
>>
Odhiambo Washington wanted us to know:
>> Please, set the "Debug" flag in your clamd.conf, rescan the sample, and send
>> us the logs.
>I cannot do that on the box where this phenomena is manifesting itself
>because it's a production box, processing large volumes of mail. I'll
Very quickly, do t
Jim Popovitch said:
>
> The javascript will run on any box, linux included. What it does
> (install .exe, etc.) is only unique to MS Windows. It does this by
> downloading this file:
> h--p://69.50.177.102/x155/ind.php
> which then proceeds to download this file:
> h--p://69.50.177.102/x155/
Le mardi 31 Mai 2005 17:29, Odhiambo Washington a écrit :
> * Securiteinfo.com <[EMAIL PROTECTED]> [20050531 16:27]: wrote:
> > Le mardi 31 Mai 2005 14:58, Odhiambo Washington a écrit :
> > > * Christopher X. Candreva <[EMAIL PROTECTED]> [20050531 15:31]: wrot
p: Trojan.W32.PWS.Prostor.A FOUND
--- SCAN SUMMARY ---
Infected files: 1
Time: 1.037 sec (0 m 1 s)
fajar-pc virus # clamd -V
ClamAV devel-20050531/901/Tue May 31 20:33:04 2005
fajar-pc virus # clamscan -V
ClamAV devel-20050531/901/Tue May 31
On Tue, 2005-05-31 at 16:24 +0100, Bob Hutchinson wrote:
>
> I downloaded your zip file, neither clamscan or clamdscan found anything,
> either before or after I unzipped it
That was my experience too, and the reason behind my posting here.
Should clam(d)scan be hitting on this? I think it shoul
Fajar A. Nugraha wrote:
Jim Maul wrote:
2) Can I configure qmail-scanner to disconnect the smtp session and
starts
clamav in the background (probably a qmail-scanner question) ?
I don't think any MTA is able to do that.
I believe qmail does this by default. It does not keep the smtp
* Securiteinfo.com <[EMAIL PROTECTED]> [20050531 16:27]: wrote:
> Le mardi 31 Mai 2005 14:58, Odhiambo Washington a écrit :
> > * Christopher X. Candreva <[EMAIL PROTECTED]> [20050531 15:31]: wrote:
> > > On Tue, 31 May 2005, Odhiambo Washington wrote:
> >
On Tuesday 31 May 2005 15:46, Jim Popovitch wrote:
> On Tue, 2005-05-31 at 09:08 -0500, René Berber wrote:
> > Don't do this! Any wannabe-virus-builder-kid will want to get a hand on
> > samples like this.
>
> Well, if they don't have it by now then they aren't educated enough to
> get it now. It
Jim Maul wrote:
2) Can I configure qmail-scanner to disconnect the smtp session and
starts
clamav in the background (probably a qmail-scanner question) ?
I don't think any MTA is able to do that.
I believe qmail does this by default. It does not keep the smtp
session open during scan
On Tue, 31 May 2005 08:19:21 +0200
Tomasz Papszun <[EMAIL PROTECTED]> wrote:
> Please, don't "top-post" - reply _below_ previous messages, not above
> them.
> http://www.catb.org/~esr/jargon/html/T/top-post.html
Sorry for that. I had read that, but I forgot it.
By the way, I do really ap
On Mon, 30 May 2005 21:59:56 -0400
Stephen Gran <[EMAIL PROTECTED]> wrote:
> On Tue, May 31, 2005 at 09:48:12AM +0800, imacat said:
> > Is there any way to tell cli_warning() that LogSyslog is in use in
> > clamav-milter/clamav-milter.c? It's strange that only clamav-milter and
> > sigtool is
On Tue, 2005-05-31 at 09:08 -0500, René Berber wrote:
> Don't do this! Any wannabe-virus-builder-kid will want to get a hand on
> samples
> like this.
Well, if they don't have it by now then they aren't educated enough to
get it now. It doesn't make it truly newsworthy just because this is
the
Fajar A. Nugraha wrote:
Jan Alphenaar wrote:
open. The problem is now that attachements >4Mb are taking ages to scan.
The CPU is now busy for 100% running clamscan.
Because the users connect with Outlook Express this application will now
say to the user that the mailserver is not responding (s
Jim Popovitch wrote:
> I have an HTML file that contains some bad javascript. While the
> javascript itself isn't malicious, what it does is. It begins a
> download process that eventually gives up your PC to others.
>
> Should clam(d)scan identify something like this as a virus?
>
> Here is a
Le mardi 31 Mai 2005 14:58, Odhiambo Washington a écrit :
> * Christopher X. Candreva <[EMAIL PROTECTED]> [20050531 15:31]: wrote:
> > On Tue, 31 May 2005, Odhiambo Washington wrote:
> > > I am just wondering why clamscan rightly detects the trojan in the mail
>
We use postfix andsetup a second postfix conf running on the same box ...
The first postfix conf just receives mail and passes it to the other postfix
conf...
The second postfix conf does; antivirus with clam, DNS blacklist lookups,
white lists, black lists, etc. ... then passes the email on to t
* Christopher X. Candreva <[EMAIL PROTECTED]> [20050531 15:31]: wrote:
> On Tue, 31 May 2005, Odhiambo Washington wrote:
>
> > I am just wondering why clamscan rightly detects the trojan in the mail
> > while clamdscan doesn't.
>
> Check the output of clamsc
I have an HTML file that contains some bad javascript. While the
javascript itself isn't malicious, what it does is. It begins a
download process that eventually gives up your PC to others.
Should clam(d)scan identify something like this as a virus?
Here is a zipped copy of the virus:
http://
On Tue, 31 May 2005, Odhiambo Washington wrote:
> I am just wondering why clamscan rightly detects the trojan in the mail
> while clamdscan doesn't.
Check the output of clamscan -V and clamdscan -V -- make sure they report
the same database version number.
==
* Fajar A. Nugraha <[EMAIL PROTECTED]> [20050531 14:57]: wrote:
> Odhiambo Washington wrote:
>
> >Am I simply asking dumb questions??? Perhaps it would be better if
> >someone told me so. I need to figure out why these Trojans are getting
> >past clamd!!
> >
Odhiambo Washington wrote:
Am I simply asking dumb questions??? Perhaps it would be better if
someone told me so. I need to figure out why these Trojans are getting
past clamd!!
Of course it's not dumb :)
What does the online scanner says?
Is the virus (preferably in the original mail forma
Am I simply asking dumb questions??? Perhaps it would be better if
someone told me so. I need to figure out why these Trojans are getting
past clamd!!
* Wash <[EMAIL PROTECTED]> [20050531 10:11]: wrote:
> 0.85.1 here ... Isn't this just interesting?
>
>
> 87$ clamdscan
Jan Alphenaar wrote:
open. The problem is now that attachements >4Mb are taking ages to scan.
The CPU is now busy for 100% running clamscan.
Because the users connect with Outlook Express this application will now
say to the user that the mailserver is not responding (since the smtp
session is
All,
I was strugling with clamav this weekend for a few hours without any
success. So, I decided to ask it on this mailing list. Hopefully someone
can give me a hand and point me in the correct direction...
Clamav is running from qmail-scanner on my site and is working quite well.
The only thing
0.85.1 here ... Isn't this just interesting?
87$ clamdscan girls.zip
/home/wash/girls.zip: OK
--- SCAN SUMMARY ---
Infected files: 0
Time: 0.148 sec (0 m 0 s)
88$ clamscan girls.zip
girls.zip: Trojan.W32.PWS.Prostor.A FOUND
--- SCAN SUMMARY ---
Known viruses:
55 matches
Mail list logo
