Re: [clamav-users] ClamAV documentation help needed

On Aug 10, 2017, at 1:38 PM, sysad...@chemcut.net wrote: > Unfortunately Google didn't turn up any useful information. Really? https://www.google.com/search?site=&source=hp&q=clamav+linux+logs ...and try adding your specific

Re: [clamav-users] ClamAV documentation help needed

On Aug 10, 2017, at 10:52 AM, sysad...@chemcut.net wrote: > If it isn't a current issue, how do you search them? The majority of people use a search engine like Google. However, the list archives are available to be downloaded as mbox format, which can be imported into a MUA of your choice, or f

Re: [clamav-users] freshclam checks database every time

Hi-- On Apr 12, 2013, at 10:58 AM, Andreas Schulze wrote: > But back to my main problem. clamscan wastes 3 secon[d]s time loading the > complete engine every time it is called. > Notice the timestamps! The data available to me suggests that ClamAV has seen ~736 database updates since the beginn

Re: [clamav-users] ZEUS virus

Hi-- On Feb 21, 2013, at 10:28 AM, Zvi Kave wrote: > Is there a signature for ZEUS virus in ClamAV ? Yes, there are several ZEUS signatures: % sigtool -fZeus [daily.mdb] 2560:34a6f6e6bb8d80fa52b9521dcfc1577d:Win.Trojan.Zeus-1 [daily.mdb] 51388:a3571f6881a9a8b84593c79796131e5a:Win.Trojan.Zeus-2 [

Re: [clamav-users] RES: Block files type inside attached files

Hi-- On Dec 7, 2012, at 12:01 PM, Ronaldo Luiz de Carvalho wrote: > I have a CentOS server running ClamAV. When the server receive e-mails with > attached files, some files attached has inside files with extension .cmd, > .bat, .cpl and others. > > My doubt is how could I set ClamAV to reject or

Re: [clamav-users] Tutorial for installing ClamAV on FreeBSD?

On Nov 9, 2012, at 3:34 PM, Ed Flecko wrote: > I was going to use the port, but I *like* to try and use source when I > can, only because they're current (of course) and I can use different > ./config options, which I don't *think* you can do with a port...can > you? If a port has options, they wo

Re: [clamav-users] Tutorial for installing ClamAV on FreeBSD?

On Nov 9, 2012, at 3:11 PM, Ed Flecko wrote: > I forgot to mention - I installed clamav from source, not from the port. Using the port would easier, but OK. > I've commented the files you refer to, and when I try and run: freshclam > > I get an error message: > > ERROR: Can't create temporary d

Re: [clamav-users] Tutorial for installing ClamAV on FreeBSD?

On Nov 9, 2012, at 2:15 PM, Ed Flecko wrote: > I have a clean install of FreeBSD 9 (64 bit), and I can install clamav > just fine...but I have no idea where the default install is and what > minimal option(s) I need to configure to at least get it running. The default install would be under /usr/l

Re: [clamav-users] FP?

Hi-- On Oct 17, 2012, at 11:58 AM, Gene Heskett wrote: >> --detect-pua[=yes/no(*)] >> Detect Possibly Unwanted Applications > > Then we have a bug. :( from the run just completed, --detect-pua=no was > ignored, it still found them all. That IMO is a bug. I'll remove it for

Re: [clamav-users] FP?

On Oct 17, 2012, at 11:42 AM, Gene Heskett wrote: > No, WRONG context. I am explicitly turning it off. Whether that is the > same as removing it from the launching cli, I haven't tested. But I > suspect that if I removed --detect-pua, it would still default to on. > Correct? Nope. This is w

Re: [clamav-users] FP?

Hi-- On Oct 17, 2012, at 9:16 AM, Gene Heskett wrote: [ ... ] >> are turned off by default and have to be explicitly turned on. > > My crontab's invocation had --detect-pua, with no following argument, so > apparently it defaults to on in those circumstances. Some decades ago Unix folks standa

Re: [clamav-users] ClamAV?: ClamAV Stats, we need more of them, we need your help

Hi-- On Sep 24, 2012, at 10:28 AM, Al Varnell wrote: [ ... ] > I agree that trying to force people to do so would be a loosing battle and > not worth the effort. I subscribe to many lists and must say that this is > the first time I've read such a request. But my understanding of what he's > ask

Re: [clamav-users] Do I have a disaster?

On Aug 15, 2012, at 7:55 AM, Gene Heskett wrote: > Greets all; > > I got one of those emails from what looked like the IRS yesterday, but the > .doc file it linked to was .htm and supposedly infected my machine with > either the JS/Iframe.W!tr; Trojan-Downloader.JS.Iframe.czj or once > infected

Re: [clamav-users] how to release 16K FPs from quarantine?

On Aug 8, 2012, at 9:22 AM, Len Conrad wrote: >> What software put the mail in quarantine? What's in the mail log? > > Aug 7 08:13:22 mx1.hctc.net/mx1.hctc.net clamd[60202]: > /var/virus/clamsmtpd.qIdg8l: MBL_303159.UNOFFICIAL FOUND > > Aug 7 08:13:22 mx1.hctc.net/mx1.hctc.net clamsmtpd: 3EA

Re: [clamav-users] Error: access denied.

On Jul 16, 2012, at 3:01 AM, Nam PHAM wrote: > Everything I got here is only the error when I try to upload file. the > error is '/tmp/phpISPxXZ: Access denied. ERROR'. > I try to set 777 for /tmp folder, set 'clamav' users to 'root' group, but > still got this error. > > Does anyone have experien

Re: [clamav-users] Identifying safebrowsing domains

On Jun 7, 2012, at 12:31 PM, Alex wrote: > It seems to provide conflicting information. It says the site has > distributed malware in the last 90 days, with 06/04/12 being the last > day checked. However, it also says it hasn't hosted malware in the > last 90 days. Am I missing something? This ten

Re: [clamav-users] Licensing & DLLs

On May 14, 2012, at 12:02 PM, Simon Hobson wrote: > Chuck Swiger wrote: >>> What if WE made an AV plugin DLL to link our software with libclamav? >> >> If your software license isn't GPL-miscible, then you should not >> redistribute the combination of yo

Re: [clamav-users] Licensing & DLLs

On May 14, 2012, at 8:55 AM, Paul Smith wrote: > We produce a commercial mail server (not GPLed) which has a defined DLL > interface to allow people to create plugins to integrate with virus scanners > (I'll call that an 'AV plugin DLL'). It's not specifically designed for > ClamAV, but for any

Re: [clamav-users] Virus information database?

On May 7, 2012, at 10:49 AM, Pepijn Schmitz wrote: > Hi Chuck, > > On 07-05-12 19:17, Chuck Swiger wrote: >> VirusTotal is a site at https://www.virustotal.com/ which lets one upload >> files and scan them against all of the major malware engines. This will >>

Re: [clamav-users] Virus information database?

Hi-- On May 7, 2012, at 8:16 AM, Pepijn Schmitz wrote: > I'm asking because ClamAV is currently causing trouble for me by falsely > detecting something it calls "Trojan.Agent-281708" in my program, > worldpainter_0.8.6.exe. I can find no information on this > "Trojan.Agent-281708" online. The o

Re: [clamav-users] trouble compiling clamav 0.97.4 -> Just a general comment on programming and error messages.

On Apr 18, 2012, at 10:25 AM, Jim Preston wrote: > Too many times error messages are meaningless to almost anyone who is not > part of the build team. That's may well be true in general, but ClamAV is open source: you've got the source code and build infrastructure available to inspect and deter

Re: [clamav-users] Error updating CLAMAV 0.97.4

On Mar 15, 2012, at 3:14 PM, Sergio wrote: > My server uses CPanel. > > Does the above info helps? Nope, sorry. However, it does suggest that you should discuss this with your ISP (or with CPanel directly-- they've got a lookup on http://www.cpanel.net/support.html which will figure out who ow

Re: [clamav-users] Error updating CLAMAV 0.97.4

On Mar 15, 2012, at 12:53 PM, Sergio wrote: > 2012-03-15 13:06:24 (9.30 MB/s) - `clamav-0.97.4.tar.gz' saved > [48386114/48386114] > configure: WARNING: > ** WARNING: > ** You are cross compiling to a different host or you are > ** linking to bugged system libraries or you have manually

Re: [clamav-users] Compiling and installing from an NFS mount

On Mar 12, 2012, at 2:33 PM, Forrest Aldrich wrote: > I've run into a quirky issue with installing ClamAV from an NFS mount. I do > this to keep the same code available to all my systems. I have separate > mounts for 32- and 64-bit. > > For ClamAV, the installation will fail because the NFS mo

Re: [clamav-users] virusdb updates

On Feb 11, 2012, at 3:49 AM, Henri Salo wrote: > Is there a way to receive clamav-virusdb lists in one email per week/month? Enable the "digest mode" in your Mailman preferences, see: http://lists.clamav.net/mailman/listinfo/clamav-virusdb Digests are normally sent daily, or more often if need

Re: [clamav-users] Multiple clamd daemons

On Feb 10, 2012, at 12:19 PM, Reynolds, David C. wrote: > I am (will be) running on a relatively large SGI Origin with a couple of > hundred processors available. Is there an easy configuration setting to > enable multiple clamd daemons to support multiple clamdscan clients in > multiscan mode?

Re: [clamav-users] False Positve rule set of Snort-2.9.2.1 on clamd-0.97.3-3

On Feb 9, 2012, at 3:27 AM, G.W. Haywood wrote: > Chuck Swiger wrote: >> Oh, sure...when this issue was first noticed, anti-virus providers >> started doing things like obfuscating or encrypting the malware >> signatures. However, since malware generally also tries to co

Re: [clamav-users] False Positve rule set of Snort-2.9.2.1 on clamd-0.97.3-3

On Feb 8, 2012, at 10:09 AM, Joel Esler wrote: > We're looking into a solution for this. Oh, sure...when this issue was first noticed, anti-virus providers started doing things like obfuscating or encrypting the malware signatures. However, since malware generally also tries to conceal itself,

Re: [clamav-users] False Positve rule set of Snort-2.9.2.1 on clamd-0.97.3-3

On Feb 8, 2012, at 7:25 AM, Yoshihara Takao wrote: > Hi all, > > Now I use Snort-2.9.2.1 and clamd-0.97.3-3 on the same OS, Scientific Linux > 6.1 (i686). > Since around a month ago, whenever daily clamscan is finished, the same > following False Positive has been detected and the files have bee

Re: [clamav-users] A trojan is not blocked

On Oct 25, 2011, at 5:55 AM, Ivan Ivanov wrote: > Configuration amavisd + ClamAV. [ ... ] > I just wondering why original message passed, but NDR (with attached original > message) was blocked. amavisd is probably not setup to pass the raw message to clamd for scanning. See whether bypass_decod

Re: [clamav-users] 0.97.3 compile on OSX 10.6.8 with xcode 4.2

Hi-- On Oct 19, 2011, at 5:55 PM, TR Shaw wrote: > Hmmm... From the developer site, 4.2 is available for snow and lion. I picked > snow since I need to wait till gpg is working with Lion Mail before migrating > my laptop. So I downloaded the snow version of 4.2. And what was the error when you

Re: [clamav-users] 0.97.3 compile on OSX 10.6.8 with xcode 4.2

On Oct 19, 2011, at 5:37 PM, TR Shaw wrote: > Ideas? If you've got MacOS X 10.6.8, then you can't use Xcode 4.2-- that's for 10.7 or later: ClamAV 0.7.3 appears to compile and pass all self-checks under 10.6.8 using Xcode 4.0 (or 3.x also): make check-TESTS PASS: check_clamav PASS: check_fr

Re: [clamav-users] clamd exits with libclamav error

On Oct 18, 2011, at 10:43 AM, Alex wrote: > I've since learned there was a cooling problem with the processor and > started receiving events like these on the host: > > kernel: [73788.355981] [Hardware Error]: Machine check events logged > kernel: [73914.635576] CPU4: Package temperature above thr

Re: [clamav-users] Yet Another US Mirror Issue

On Sep 13, 2011, at 2:28 PM, Bryan Burke wrote: >> ...with zero successful connections to that IP. The connectivity failure is >> entirely reproducible by hand: >> >> % telnet 88.198.67.125 80 >> Trying 88.198.67.125... >> telnet: connect to address 88.198.67.125: Connection refused >> telnet: U

Re: [clamav-users] Yet Another US Mirror Issue

Hi-- On Sep 13, 2011, at 12:49 PM, Bryan Burke wrote: >> - Which always seems to be the first one checked > > Actual issue. Perhaps DNS caching is a factor? If freshclam checks often > enough, then > perhaps the cache entry never dies, and you get the same order every time? Running "dig db.us.c

Re: [clamav-users] file descriptor limit still 1024 on large 64bit system?

Hi-- On Aug 28, 2011, at 8:06 PM, Jason Haar wrote: > WARNING: MaxThreads * MaxRecursion is too high: 1600, open file > descriptor limit is: 1024 > > Why is that? 1024 is the default value of FD_SETSIZE, used by select(). On some platforms, you can override this macro and increase it if the cod

Re: [clamav-users] Problems compiling 0.97.2 on Solaris 9

Hi-- On Aug 19, 2011, at 12:40 PM, Tom Goerger wrote: > I'm attempting to compile a 64 bit version of 0.97.2 on Solaris 9, and > running into some issues. Version 0.96.4 compiled fine in the same > environment that we're using now, but both this version and 0.97.1 did not > seem to compile correc

Re: [clamav-users] [Clamav-users] Heuristics.Phishing.Email.SpoofedDomain

On Jul 28, 2011, at 2:10 PM, ExodusNZ wrote: > This is the top of the email they are getting > > > Sorry, we were unable to deliver your message to the following address. > > : > Remote host said: 550 (Heuristics.Phishing.Email.SpoofedDomain) [BODY] > Without having a sample message or

Re: [clamav-users] Third Party web interface

On Jul 26, 2011, at 4:53 PM, Nathan Gibbs wrote: > As I stated previously. > Open source the signing methodology and / or code. > This is an open source project, Right? ClamAV is primarily under the GPLv2 license, yes, and various components like bzip, zlib, SHA256, etc are under BSD'ish licenses

Re: [clamav-users] anti virus EICAR file is not detected by the couple clamd amavisd

On Jul 5, 2011, at 12:15 PM, m...@smtp.fakessh.eu wrote: > in my station > anti virus EICAR file is not detected by the couple clamd amavisd Didn't you ask this same question back around Jul 5? amavisd is probably not setup to pass the raw message to clamd for scanning. See whether bypass_decod

Re: [clamav-users] Clamd network access control

On Jul 22, 2011, at 4:51 PM, Nathan Gibbs wrote: > On 7/22/2011 5:46 PM, Chuck Swiger wrote: >> On Jul 22, 2011, at 2:39 PM, Nathan Gibbs wrote: >>> Does clamd have any form of network access control? For instance >>> limiting what IP's can connect. >> >

Re: [clamav-users] Clamd network access control

On Jul 22, 2011, at 2:39 PM, Nathan Gibbs wrote: > Does clamd have any form of network access control? > For instance limiting what IP's can connect. By default, you're either using a local Unix domain socket associated with a path like /var/run/clamav/clamd, or a TCP socket bound to localhost ak

Re: [clamav-users] connect_error: getsockopt(SO_ERROR): fd=5 error=111: Connection refused

On Jul 14, 2011, at 5:25 PM, Chris wrote: > Anyone possibly have an idea why this is. I'm connecting hourly however > at odd times using the freshclamcron script. Though the .diff is > downloaded using a different mirror I'm curious why the connection to > the first one is refused. The webserver a

Re: [clamav-users] To add in FAQ: Running ClamAV under Linux to detect infected Windows

On Jul 12, 2011, at 2:41 AM, sub phil wrote: > Does running ClamAV under Linux will detect infected Windows media? > YES/NO? Sure. While there are a few ClamAV signatures for other platforms like FreeBSD, Linux, and MacOS X, the vast majority of signatures are for Windows malware and platform-i

Re: [clamav-users] ClamAv Broke after Centos Yum Upgrade

On Jul 11, 2011, at 12:54 PM, Bob Cohen wrote: > On Jul 11, 2011, at 3:22 PM, Chuck Swiger wrote: >> Pick whichever user you prefer, chown everything over to it, double-check >> the configs and make sure they match, and then restart clamd and run >> freshclam. > >

Re: [clamav-users] ClamAv Broke after Centos Yum Upgrade

On Jul 11, 2011, at 12:09 PM, Bob Cohen wrote: > I'm running an amavisd-new installation with clamav and spamassassin. When I > set it up, I followed the recipe from the Centos wiki except I used the user > name clam instead of clamav for the group. That would be fine, but you've got to make su

Re: [clamav-users] anti virus EICAR file is not detected by the couple clamd amavisd

On Jul 5, 2011, at 4:42 PM, m...@smtp.fakessh.eu wrote: > in my station > anti virus EICAR file is not detected by the couple clamd amavisd amavisd is probably not setup to pass the raw message to clamd for scanning. See whether bypass_decode_parts is on in amavisd.conf, and/or check your keep_

Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

On 3/27/2011 2:31 AM, Al Varnell wrote: For those of you who chose to update to a third party bzip2 1.0.6 in the interim...I don't know what to tell you. They're likely to be fine. If they installed their build of libbz2 under /usr/local/lib, and setup $DYLD_LIBRARY_PATH to find it (or passed

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

On Mar 18, 2011, at 11:22 AM, Dennis Peterson wrote: [ ... ] > Took a while but you're at least thinking. Please spare the readers of the list this sort of pointless sarcasm. *plonk* -- -Chuck ___ Help us build a comprehensive ClamAV guide: visit htt

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

On Mar 18, 2011, at 11:02 AM, Dennis Peterson wrote: >> Yes, and while locate is great for older files, is not really intended for >> detecting files which have appeared over the past day on a fileserver. By >> default, the locate DB is only rebuilt once a week under OS X > > It is entirely

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

On Mar 17, 2011, at 6:22 PM, Dennis Peterson wrote: > Since you're thinking in this direction you may discover locate is faster > than find though it has issues of it's own as well as opportunity. See more > at man locate. Locate searches a pre-built database rather than crawling your > file sys

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

On Mar 15, 2011, at 12:21 PM, Russ Tyndall wrote: > Because of the huge volume of data being scanned (70 Gb), the scan takes > about 6 hours to complete. > > Is there a practical way to reduce the scan time? As Al noted, 10.4 is about six years old-- released April 2005, last patch was 10.4.11

Re: [clamav-users] Database reload improvement

On Mar 10, 2011, at 9:36 AM, Martin Preen wrote: > In my case its approx 3 minutes. I just switched from 0.95.3 to 0.97 > and before the database reload took about 50 seconds. I tried to > switch off the bytecode signatures, but that doesn't helped. > > Can I tweak a setting to reduce this time ?

Re: [clamav-users] BC.Exploit.CVE_2010_3333

On Jan 26, 2011, at 11:08 AM, David Dorsey wrote: > I scanned a document with clamav and it detected > BC.Exploit.CVE_2010_. I was just wondering where I can get > information about this signature. Specifically, I am trying to find > out what this signature is looking for in the file. I know

Re: [clamav-users] wiki.clamav.net unreachable

On Dec 6, 2010, at 11:17 AM, Kapp wrote: > Trace routes show it as unreachable today. Maintenance? > > Just me or do others see this behaviour. > > Tracing route to wiki.clamav.net [78.47.87.57] Yes, I'm seeing ICMP host unreachables here: % ping 78.47.87.57 PING 78.47.87.57 (78.47.87.57): 56 d

Re: [Clamav-users] [Rkhunter-users] Please test rkhunter-CVS.tar.gz

On Nov 9, 2010, at 12:24 AM, Al Varnell wrote: > The file /private/etc/crontab was placed there on the date/time the system > was installed and has been modified a couple of times by some third party > software that insists on using cron, but all have since been removed and was > last opened at reb

Re: [Clamav-users] Upcoming release of ClamAV

Hi-- On Oct 21, 2010, at 10:09 AM, Chuck Swiger wrote: > I'll be repeating this testing on a MacOSX 10.6 (and maybe 10.5 also) > platform shortly. Seems good under 10.6, using compiler backwards compatibility to 10.4: configure: Summary of detected features follows

Re: [Clamav-users] Upcoming release of ClamAV

Hi, all-- On Oct 19, 2010, at 7:24 AM, Tomasz Kojm wrote: > You can help by testing (or just running ./configure && make check) the > latest code available in our Git repository - the latest snapshot > tarball can be grabbed here: Appears to pass all checks and work fine here using gcc-4.2.5: co

Re: [Clamav-users] Unable to install ClamAV 96.3.

On Oct 1, 2010, at 8:50 AM, Dennis Peterson wrote: > The bzip2 source is a mess that requires much customization to build as the > author hasn't the resources to put it together right. The build infrastructure for bzip uses a plain-jane Makefile with defaults oriented towards ELF/Linux. With mi

Re: [Clamav-users] Whitelisting special accounts

Hi, Jason-- On Sep 29, 2010, at 12:18 PM, Jason Bertoch wrote: > I currently use clamav-milter with 3rd party sigs in sendmail and am writing > the list to see how people are handling special accounts like abuse@ or > postmas...@. clamav-milter has the ability to whitelist e-mail accounts, but

Re: [Clamav-users] freshclam alternate dowload port 80

On Sep 29, 2010, at 9:42 AM, omonte7 wrote: > Yeah, I saw that in the man page but unfortunately I'm not using a proxy. I > can't connect on port 80 through the firewall so I'm restricted to any other > port. Thanks. If you need HTTP access to download ClamAV security updates, presumably the fi

Re: [Clamav-users] ClamAV 96.2 does not compile on macintosh 10.4

On Sep 23, 2010, at 5:56 PM, Syed Zubair wrote: > There never was a problem compiling ClamAV on Tiger but > 96.2 does not compile and returns the following errors. > > make[3]: *** [libclamav.la] Error 1 > make[2]: *** [install-recursive] Error 1 > make[1]: *** [install] Error 2 > make: *** [inst

Re: [Clamav-users] freshclam reports incorrect version

On Sep 22, 2010, at 11:58 AM, Frank Bures wrote: > Yet this is what I have in my log: > > freshclam: ClamAV update process started at Wed Sep 22 14:26:03 2010 > freshclam: Your ClamAV installation is OUTDATED! > freshclam: Local version: 0.96.2 Recommended version: 0.96.3 > > What gives? Perhap

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

Hi, all-- On Sep 22, 2010, at 9:40 AM, Larry Stone wrote: >> Download the bzip2 security release and compile. I have to go back to my >> office to check what compile settings are necessary as the dedault make file >> is nor good enough. > > There is, of course, more than one way to get to the

Re: [Clamav-users] RLIMIT_DATA

Hi-- On Sep 21, 2010, at 11:09 AM, Török Edwin wrote: [ ... ] > If it shows ~120M your OS is buggy. > Then run again with ulimit -d 2097151, and see if it reports any higher value. Interesting; even on FreeBSD I get: % ./a.out failed after 15529 mmap() calls, allocated 2426 MB memory [1]1500

Re: [Clamav-users] possible bug

Hi-- On Aug 12, 2010, at 1:37 PM, ulises gonzalez wrote: > how I can report a Clamav's bug?? http://bugs.clamav.net, which takes you to an HTTPS Bugzilla site. Regards, -- -Chuck ___ Help us build a comprehensive ClamAV guide: visit http://wiki.cla

Re: [Clamav-users] Some questions about clamav update

Hi-- On Jul 6, 2010, at 12:32 PM, JD wrote: > For example, the packages installed from the build > failed to create user clamupdate, which freshclam needs. That username isn't the default one which the clamav sources assume, namely: # By default when started freshclam drops privileges and switch

Re: [Clamav-users] Some questions about clamav update warning messages

Hi, JD-- On Jul 6, 2010, at 9:19 AM, JD wrote: > > WARNING: Current functionality level = 44, recommended = 53 > > DON'T PANIC! Read http://www.clamav.net/support/faq > > I read the FAQ and it does not tell me where this setting is set. It's set by ClamAV within the source code itself; thi

Re: [Clamav-users] ClamAV 0.96 and memory usage

On Jun 16, 2010, at 11:26 AM, Vivien Raoul wrote: > I will try it and I'll tell you. About RAM, I didn't explain well. I meant, > how to do to make clamav use more RAM than swap ; i.e. how to reserve RAM to > clamav in order to avoid swap. While you didn't mention which OS you are using (or I forg

Re: [Clamav-users] Clamav Memory/System requirements

Hi, Alex-- On May 26, 2010, at 3:04 PM, Alex wrote: > Is it expected that clamd on Linux should take 315MB of RAM with a > normal configuration? The system is pretty busy, with clamdtop being > "IDLE" for no longer than two seconds at a time, with apparently three > instances running. v0.96.1 cla

Re: [Clamav-users] How to remove my domain from your safebrowsing database

On May 20, 2010, at 9:37 AM, Matt Hamilla wrote: > Im not using clamav, an isp of some of our clients does, and our domain is > blocked. I talked to their mail admin, he says his db is updating twice a > day. Google does not have our site listed as suspicious. Your program > shouldn't be bloc

Re: [Clamav-users] Tiered freshclam updates on port443

On May 14, 2010, at 11:42 AM, Nathan Gibbs wrote: > * Alain Zidouemba wrote: >> Feature requests are always welcome. > > However a resounding NO after putting in the effort is not. > > It has been my experience to post a feature request and be told that. > 1. The lake & short pier are to your ri

Re: [Clamav-users] excluding signatures on SMTP

On May 11, 2010, at 2:27 PM, Matus UHLAR - fantomas wrote: > I'm working on code that would prevent rejecting some kinds of signarures at > SMTP level. For example, phishing reports sent to abuse@ contact should > pass, even if they contain phishing signatures. You haven't mentioned which MTA or o

Re: [Clamav-users] Yet more clubbing of deceased equine.

Hi, all-- On Apr 24, 2010, at 1:19 AM, Simon Hobson wrote: > Forget it, it's been covered, and you'll never persuade this group of people > that a) there was any alternative, You have plenty of alternatives. You can switch to using other AV software from Norton, McCafee, TrendMicro, Panda, Kas

Re: [Clamav-users] Can't map file into memory - mostly PDFs

Hi, Jason-- On Apr 22, 2010, at 12:33 PM, Jason Evans wrote: > The failure mode was trimmed before I was CC'ed, so I'm missing background > information. Thanks for the response. The bug report here: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1941 ...contains the useful details, but th

Re: [Clamav-users] Can't map file into memory - mostly PDFs

Hi-- [ CC:ing Jason as the domain expert. :-) ] On Apr 22, 2010, at 10:01 AM, Royce Williams wrote: > 2010/4/8 Török Edwin : >> On 04/08/2010 11:03 PM, Chuck Swiger wrote: [ ... ] >>>> # sysctl vm.max_proc_mmap >>>> vm.max_proc_mmap: 78951 >>> >&

Re: [Clamav-users] Clubbing a deceased equine

Simon-- After ~20+ postings from you on this topic, you're not saying anything new. Unlike the poor folks running McAfee on Windows who are having their machines rendered unbootable due to a false positive with v5958 of their database, it would require far less effort on your part to either upd

Re: [Clamav-users] The EOL tweets

Hi, all-- On Apr 19, 2010, at 9:59 AM, Paul Reading wrote: > I am using OSX Server 10.4.11 and it is at least five years old and the > latest version of Snow Leopard server includes a more recent version of > clamav. I assumed that the use of clamav was negotiated by Apple and Clamav > and that

Re: [Clamav-users] error in make

On Apr 18, 2010, at 7:14 AM, neidorff wrote: > Thanks. That did help. Now I'm getting a problem starting the daemon. The > error that I am getting is: > > [r...@neidorff ~]# /etc/init.d/clamd start > Starting Clam AV daemon: ERROR: Missing argument for option at line 33 > ERROR: Can't open/pars

Re: [Clamav-users] The EOL tweets

On Apr 16, 2010, at 4:24 PM, Giampaolo Tomassoni wrote: >>> What if your PS3 stops working because the maker thinks it is a too-old >>> model to still go? >> >> A fine question. Let's suppose a certain old PS3 model has a serious >> manufacturing defect, such that it can overheat and catch fire.

Re: [Clamav-users] The EOL tweets

On Apr 16, 2010, at 1:42 PM, Giampaolo Tomassoni wrote: >> The owner of the box. They may not be qualified to manage the machine, >> but computers don't plug themselves into the network-- every machine >> belongs to someone who pays for electrical power and network >> connectivity. > > What if yo

Re: [Clamav-users] The EOL tweets

On Apr 16, 2010, at 11:16 AM, Giampaolo Tomassoni wrote: >> The sysadmins could have done this by turning off freshclam.. and >> saved themselves from having to deal with the upgrade. > > Who is the sysadmin of an unmanaged box? The owner of the box. They may not be qualified to manage t

Re: [Clamav-users] Can't map file into memory - mostly PDFs

Hi-- On Apr 8, 2010, at 12:26 PM, Royce Williams wrote: > Heh - sorry for the extraneous 'T' at the end of your name. No worries, I've been called worse. :-) >> If you're running FreeBSD 7.x, you should already have gcc-4.2.1 or >> thereabouts with the base OS. Anyway, even the gcc-3.4.6 vers

Re: [Clamav-users] Can't map file into memory - mostly PDFs

'm unable to test it because I can't upgrade to 0.96. > I think that this is because of the LLVM issue in bug 1934 reported > by Chuck Swiger. If you're running FreeBSD 7.x, you should already have gcc-4.2.1 or thereabouts with the base OS. Anyway, even the gcc-3.4.6 v

Re: [Clamav-users] Version 0.96: WARNING: DNS record is older than 3 hours.

Hi-- On Apr 7, 2010, at 4:43 PM, Markus Egg wrote: > I solved it: > in my /etc/freshclam.conf there was still > #DatabaseMirror db.XY.clamav.net > obviously freshclam then takes a default server > ( database.clamav.net ?) > which has no DST and therefore the > "DNS record is older than 3 hours."

Re: [Clamav-users] Compiler error

On Apr 7, 2010, at 1:05 PM, Török Edwin wrote: > Is there a way to detect if python was built with THREADS on or off? > > I currently do this test: > > python -V || { echo "Python not found, skipping LLVM tests"; exit 77; } > python < import sys > if sys.hexversion < 0x204: sys.exit(1) > EOF

Re: [Clamav-users] Compiler error

Hi-- On Apr 7, 2010, at 12:45 PM, Török Edwin wrote: > On 04/07/2010 10:31 PM, Jack Raats wrote: >> File "/usr/local/lib/python2.5/threading.py", line 6, in >>import thread >> ImportError: No module named thread > > Looks like an incomplete/broken install of python to me. > lit.py does 'imp

Re: [Clamav-users] clamav-0.96: make distclean fails in libclamav...

Hi, Tomasz-- On Apr 7, 2010, at 11:50 AM, Tomasz Kojm wrote: > could you please report bugs directly to our bugzilla at > http://bugs.clamav.net I would be pleased to. However, I also like to involve the list to gain some insight as to whether the issue can be reproduced by others or whether i

[Clamav-users] clamav-0.96: make distclean fails in libclamav...

Hi-- "make distclean" fails when you do a fresh extract from tarbal & run ./configure alone: % tar zxf clamav-0.96.tar.gz % cd clamav-0.96 % ./configure > /dev/null % make distclean Making distclean in clambc rm -f clambc test -z "*.gcda *.gcno" || rm -f *.gcda *.gcno [ ... ] rm -f TAGS ID GTAG

[Clamav-users] clamav-0.96: struct cli_bc_ctx variables...

Hi-- Also, I notice this in libclamav/c++/bytecode2llvm.cpp around line 1994: SMDiagnostic diag(ctx->file, ctx->line ? ctx->line : -1, ctx->col ? ctx->col-1 : -1, "", std::string(lines->linev[ctx->line-1], lines->linev[ctx->line]-1)); struct cli_bc_ctx from clamav-0.96/byte

[Clamav-users] clamav-0.96: LLVM/JIT assumes gcc-4.x...?

Hi-- There may be an issue with autoconf/configure mechanism not testing for warning flags before assuming they exist: /bin/sh ./libtool --silent --tag=CXX --mode=compile c++ -DHAVE_CONFIG_H -I. -I./../.. -I./.. -I./../../ -I./llvm/include -I./llvm/include -D__STDC_LIMIT_MACROS -D__STDC_CON

Re: [Clamav-users] quick question on freshclam

On Mar 9, 2010, at 3:55 PM, Tom Shaw wrote: > I want to change how I run freshclam on OSX from running as a deamon to > running periodically using launchd. Unfortunately, freshclam's returning of 1 > when no updates were required causes issues with launchd since it thinks > freshclam exited abno

Re: [Clamav-users] clamav syslog and cron

On Mar 9, 2010, at 3:08 PM, Timothy Legge wrote: > The only question now is whether there is a noticable difference in > speed between clamdscan and clamscan? They should scan files at the same speed, but it takes clamscan longer to get started since it has to load up the virus definitions. The

Re: [Clamav-users] How Do You Integrate ClamAV?

On Mar 8, 2010, at 6:56 AM, Carlos Mennens wrote: > I was curious of what most of everyone on the list uses to integrate > ClamAV into their MTA (specifically Postfix)? I was under the > impression that I had to use Amavisd-new which allows me to integrate > 'SpamAssassin' & ' ClamAV'. Do you guys

Re: [Clamav-users] ClamD Scan is not working on ubuntu9.04

On Mar 7, 2010, at 8:52 PM, aman_none wrote: > Our scenerio is like this we have to install clamav for surgemail which will > be installed on Ubuntu OS. We need to integrate with surgemail and hence we > want to use clamdscan only. That decision means you need to give clamd's user to scan whate

Re: [Clamav-users] ClamD Scan is not working on ubuntu9.04

On Mar 7, 2010, at 8:29 PM, aman_none wrote: > 1. After running the scan i m getting the following error >clamdscan /var/ > /var: lstat() failed: Permission denied. ERROR Whatever user clamd is running as does not have read permissions to scan the target. Use clamscan instead of clamdscan, o

Re: [Clamav-users] Getting "***UNCHECKED***" on some emails I send out.

On Feb 25, 2010, at 5:24 PM, Jerry wrote: > Lets take this from the top. [ ... ] The morgue is getting full of flogged-to-death horses and slain strawman arguments. Please stop. -- -Chuck ___ Help us build a comprehensive ClamAV guide: visit http://

Re: [Clamav-users] sorry this is a bit brief...

steve wrote: [ ... ] and is all running fine again. Can anyone suggest where to start with sorting this one out?? Any config file changes I've missed, for example? It might be a problem with some of the many third-party signature databases you are loading; consider restarting 0.95.3 clamd with

Re: [Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3

Hi-- On Oct 30, 2009, at 4:46 PM, George R. Kasica wrote: Why isn't there a .so file? Linking a .a file (compiled without - fPIC) into a .so file (compiled with -fPIC) is not going to work on x86_64. I have no idea - I just followed the zlib instructions to run ./configure make make install

Re: [Clamav-users] List bounces

Hi, Tom-- On Jun 30, 2009, at 3:41 PM, Tom Shaw wrote: I have wasted my time trying to contact snigelpost.org, webnoice.se, swebase.com, wekudata.se and utfors.se who all seem to be part of the problem and who do not return emails sent to postmaster, abuse, and their whois contacts. If yo

  1   2   >