[EMAIL PROTECTED] wrote:
To clarify, the milter isn't dying... it's just refusing to accept
inputs (there's a difference). And the issue is with the milter, not
with libclamav.
In my case the milter is dying, and needs to be re-started... (started
should I say).
traffic to it, and stop those attempts there, either with tarpitting,
or directly terminate connections that reach a certain ratio of bad
rcpts (as Joe Maimon suggested with a provided patch). This seems OK,
but introduces another single point of failure, as this works if I
disable SMTP directly
Pablo Alsina wrote:
Hi
We have been having some problems lately with our installation. We are
using Sendmail+clamav-milter+clamd as our antivirus solution, over an
RedHat Linux with a 2.4.21 kernel (RH9).
This is somewhat outdated.
Might I recommend you use the newer Fedora Core's or
Damian Menscher wrote:
On Tue, 24 May 2005, Doug Hardie wrote:
On May 24, 2005, at 13:21, Stephen Gran wrote:
snip
Just to bring you (and anyone else joining us) up to speed, here's a
description of how it's supposed to work:
When there's a database update, the milter wants everything
Joe Maimon wrote:
snip
I can probably send a patch if you would like.
Joe
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
This patch still works...can someone tell me whether this is up for
consideration?
#! /bin/sh /usr/share
I have two clamav-milters running on a system. The sendmail on this
system can choose which email gets scanned by which milter.
One is set to send notifications, to be used for automatically
blacklisting virus sending sources.
The other does not notify because it is used by sendmail to scan
Freddie Cash wrote:
On December 15, 2004 08:57 am, Rainer Zocholl wrote:
In the really meanwhile long long linear list of mail scanners
I only see the (non GPLed) DansGuardian Anti-Virus Patch.
Do you mean that?
AFAIK is DansGuardian payware except for private use.
Please do at least the
BitFuzzy wrote:
Is this a joke? licensed under the GPL not free for commercial
use.
As far as I can tell there is nothing wrong with this. In fact I've
seen this quite alot.
The GPL does not prevent anyone from making money.
Since saying not free for commerical use pretty much means that
Nigel Horne wrote:
On Thu, 2004-12-16 at 15:48 +0530, Mohamed Jahfar Sadiq M.R wrote:
Hi All,
I need to install a new Sendmail server with more security features like
ClamAV Anti Virus + Spam Assasin + Squirrel Mail + Sendmail. I was
really confused with where I should start working upon. So
Joe Maimon wrote:
BitFuzzy wrote:
Is this a joke? licensed under the GPL not free for commercial
use.
As far as I can tell there is nothing wrong with this. In fact I've
seen this quite alot.
The GPL does not prevent anyone from making money.
Since saying not free for commerical use
Kiril Todorov wrote:
Ian Lewis wrote:
That is very interesting information Samuel. I shall be interested to
compare
it to my own data.
We quarantine our emails just in case there are any which are genuine
but
holding viruses. Not very likely but you never know.
Do I understand from what you
Joe Maimon wrote:
I can probably send a patch if you would like.
Here is a rough version that I am testing that seems to work for me.
Joe
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
--- clamav-devel/clamav-milter/clamav-milter.c
Seems like it would be usefull for clamav-milter to craft a sendmail
like header in the notification it sends (with --headers arg).
amavis-milter does this.
Currently only headers sendmail receives are sent to clamav-milter which
inserts them into the notification message.
Otherwise you tend
Steve Basford wrote:
since ClamAV reached v0.80, I am using it to scan and reject e-mail
messages. Today I noticed that ClamAV also detects phishing attacks.
Phishing is pure social engineering and poses no threat whatsoever in a
technical sense.
I'm certainly *very* happy that ClamAV team
Stephen Gran wrote:
On Fri, Nov 12, 2004 at 10:29:20AM -0600, Jeremy Kitchen said:
On Thursday 11 November 2004 05:56 pm, Stephen Gran wrote:
[snip]
So, when start-stop-daemon (or daemon) sends a kill signal, it ends up
signalling the wrong thread, and it takes a long time for the signal
Hello All,
If anyone was interested in the -R recipient filter patch for
spamass-milter perhaps you would be interested in this patch
http://www.jmaimon.com/sendmail/patches/milter-rrres.v6.tar.gz
(more info at http://www.jmaimon.com/sendmail )
Which provides the same functionality (and a whole
Fajar A. Nugraha wrote:
Hi,
I got these errors on Linux Console running ClamAV 0.80 :
LibClamAV Error: cli_calloc(): Can't allocate memory (131282 bytes).
calloc_problem: Cannot allocate memory
LibClamAV Error: cli_calloc(): Can't allocate memory (131282 bytes).
calloc_problem: Cannot allocate
Tomasz Kojm wrote:
On Mon, 08 Nov 2004 09:08:30 -0500
Joe Maimon [EMAIL PROTECTED] wrote:
Perhaps this should be configurable for the folk who want clamd to
exit on memory alloc failure and those who do not?
No problem:
Mon Nov 8 15:24:18 CET 2004 (tk
Fajar A. Nugraha wrote:
Tomasz Kojm wrote:
On Mon, 08 Nov 2004 09:08:30 -0500
Joe Maimon [EMAIL PROTECTED] wrote:
Perhaps this should be configurable for the folk who want clamd to
exit on memory alloc failure and those who do not?
No problem:
Mon Nov 8 15:24:18 CET 2004 (tk
Cali Federico wrote:
Hi all,
analyzing the same e-mail with two different antivirus software I have different
results:
-- ClamAv detects Worm.SomeFool.p virus
-- McAfee WebShield detects both W32/[EMAIL PROTECTED] and Exploit-MIME.gen.c
I know that Worm.SomeFool.p and W32/[EMAIL PROTECTED] are
James Lick wrote:
Jason Haar wrote:
I am now going to figure out a way that the installation of
Qmail-Scanner
will *ignore* the presense of clamdscan if its actually clamscan -
that is
really too gross to allow to continue.
The ClamAV authors could put a stop to this by making clamdscan and
Bart Silverstrim wrote:
On Oct 24, 2004, at 3:29 PM, Mark Adams wrote:
Matt wrote:
What's the worst that can happen? It fails to compile, and you still
need
to find a packaged version. You'll be no worse off than you are now.
The worst that can happen? I descend once again into dependency
Scott Rothgaber wrote:
Good Morning!
I've built a gateway using sendmail, clamav and spamassassin. After
setting the MX records for a test domain to go through this box, the
spam is rolling in! ;-) Then, I threw a virus at it. The resulting
behavior is nothing like what I expected...
1)
Stephen Gran wrote:
On Wed, Oct 13, 2004 at 09:38:03AM -0400, Scott Rothgaber said:
Stephen Gran wrote:
Well, really, it looks like something sendmail is failing to do.
Thanks, Stephen! Here's what I have in .mc (wrapped)...
Matt wrote:
Steffen Heil wrote:
For example, I DO have dnsblacklists, helo string checking, mime checks,
clsid extension checks, empty and to large boundary checks, verify
sender domain and soon some callout-checks in front of clamav.
However, some mail should get delivered and those should be
snip
INPUT_MAIL_FILTER(`clamav-milter',
`S=local:/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl
You need to pass the proper socket path to the milter as its startup
arguments
snip
LocalSocket /clamav/clmilter.sock
Sendmail need one socket
Damian Menscher wrote:
On Mon, 16 Aug 2004, Richard A Nelson wrote:
On Mon, 16 Aug 2004, Todd Lyons wrote:
It shouldn't, however change if a virus is accepted - since sendmail
should be tempfailing mail until the milters are functioning.
Incorrect, depending on how you define
Christopher X. Candreva wrote:
This thread on Trojan.JS.RunMe had me thinking: Hourly virus updates is
better than any of the commercial virus scanners, but obviously still has
issues, especially since a bunch of us obviously submitted updates that had
already been entered. I gather from
Stephen Gran wrote:
snip
As for your actual question, I don;t think the milter has access to that
- it gets the email as a data stream from sendmail, and is relatively
isolated from the actual connection, AFAIK.
If you feel like patching the milter
galactic wrote:
PS, last message was in Rich Text NOT HTML. SO.. I'll just stick to plain
Text for you guys.
Whatever your mail user agent (Outlook) says, what we got here was nice
pure unadulterated HTML.
How do you think Outlook implements Rich Text? By attaching a rich
text format file?
Stephen Gran wrote:
On Mon, May 24, 2004 at 03:38:09PM +0200, Cristian Del Carlo said:
Hi,
i use sendmail in my smtp server.
I have configured sendmail.mc with the follwing options:
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clmilter.sock, F=, T=S:4m;R:4m')
passing --enable-debug through the configure script might help
Sean Matheson wrote:
Scrap that. I found that it was compiled with the '-g' option.
But I still can't seem to get gdb working with the core file
dumped by the freshclam seg fault.
Back to the drawing board.
--
Sean Matheson
Student
Sean Matheson wrote:
Do I simply put --enable-debug in the CFLAGS definition?
If you want to localize the debugging you can do add -g to CFLAGS as
defined in the generated by configure Makefile
If you go that route also add -DCL_DEBUG
Better to use --enable-debug in the initial configure
Rich wrote:
Jason,
I Googled my clamav problem (memory usage grows!) and found this thread.
I've had numerous OOM with my production box so I thought running
Softlimit+Clamd would be a good idea. The problem is I get get segmentation
fault error and all the clamd processes seems to hang.
You
Hello All,
For those who care,
There are new versions of these patches on my
http://www.jmaimon.com/clamav page
- clamav-devel.jm-pl4
OR
- max-child-wait - clamav-milter 0.70x (with the recent fix)
- streammaxlength - clamav-milter 0.70x
- ALLOC_CHECK - clamav-milter 0.70x
-
Samuel Benzaquen wrote:
Hello all,
We've installed clamav / clamav-milter on a sendmail server with HIGH
trafic. It worked well most of the time, but on peak hours (more than 400
concurrent connections per server and 150K mail per hour) the clamav-milter
thorws these errors on the syslog and
Flynn wrote:
There are many ways to do this - using the --mbox option should detect
the virus if the _full_ e-mail is scanned by ClamAV.
Well - let me clarify this situation very carefully :
(v0.70)-clamscan --mbox does *NOT* recognized the _full_ email as a virus.
I have experienced
Colin A. Bartlett wrote:
Lynn Duerksen Sent: Wednesday, May 05, 2004 11:26 AM
Freshclam reports:
RELAY:root[sbin] freshclam
ClamAV update process started at Wed May 5 10:07:25 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:
Raul Elizondo wrote:
Run m4?
make -C /etc/mail
should compile the .m4 file into the .cf result.
--
Steve
sorry, but that does not make sense, at least with RH7.3
Make sure that sendmail-cf is installed.
--
Regards... Todd
[EMAIL PROTECTED] mail]# rpm -qa | grep sendmail
Raul Elizondo wrote:
This wont do. Get a newer sendmail or compile one your self from
www.sendmail.org
Usualy if you do the latter it is a drop in replacement.
i didnt get it, you mean this version of sendmail wont work? it is working
right now with the changes i did in my last email, it
Raul Elizondo wrote:
Hi agian,
I finnally could compile it and it runs at least the tests, but now the
problem comes when i try to add it in sendmail
INPUT_MAIL_FILTER(`clamav', `S=local:/usr/local/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl
and when
looks like libsm from sendmail
Try downloading and installing the sendmail-devel kit
Or
downloading and compiling libmilter from sendmail source distribution
and using that path to the configure script
Raul Elizondo wrote:
Hi,
I am having this problem to compile clamav, the problem comes
Have a look at the magic array
cli_magic_s cli_magic
at the top of libclamav/scanners.c
Or look at my patch which adds the option --mbox-force
http://www.jmaimon.com/clamav
Glen Eustace wrote:
Well, I have gotten further now, my problem seems to be that the
scandesc function doesn't
Angelo Turetta wrote:
Do you have any suggestion as to what might be triggering a fatal hanging of
clamav-milter on my server?
This is FreeBSD 4.9-STABLE (cvsup about march 25th), with sendmail
8.12.11/8.12.11, clamav0.70 from ports (but it showed up the same with
0.67-1)
When this happens, I
Andy Fiddaman wrote:
Having a maximum at all makes it easy for someone to DoS you because a
thread is created for each new SMTP connection.. just connect X times and
don't start entering a sender address.
You dont have a max process/children configuration for sendmail? That
enables the same
Hello Mike,
I appreciate your work on clamdwatch. Very nice utility. Should serve my
purpose well.
I do have one suggestion.
The exit code for clamdwatch should probably stick to standards, as
true echo $?; false || echo $?
can demonstrate. 0 exit success, anything else error. (yes this is
Nigel Horne wrote:
On Fri, 2004-04-30 at 13:06, Dale Gallagher wrote:
Nigel Horne wrote
LogFile /dev/stderr will work on many systems
Slackware Linux complains if one uses the above - hence the
patch ;-) I'd be interested to know which OS's are ok with
the above?
Andy Fiddaman wrote:
snip
What I actually want to limit on my boxes is the number of concurrent scans,
not the number of milter threads since 1 thread == 1 incoming email (over
the initial signal threads etc.) and sendmail can control that itself.
Other people may have different priorities.
working. It would be really nice to actually have the bug fixed properly
though, rather than resorting to work-rounds like that.
Mike.
Well than try my latest patch for max-children-wait argument
http://www.jmaimon.com/clamav
The default will be to EXIT when we hit the max-children mark,
Marco Draghi wrote:
I've received the warning about the outdated version of my clamav-0.67 too.
For install the new clamav-0.70.tar.gz do I need to uninstall the first one
and after install the new one, or just install the last version over 0.67??
Thanks, Marco.
If you use the same configure
cH4os wrote:
?
Im kinda new to this, here is what I thought I should do, what did I
do wrong?
FIx the date time on your system (as root):
man date
in the source directory (NOT as root)
./configure --help | less
To get a list of options you may find usefull.
Then put you options and run
Don Levey wrote:
Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174:
from=[EMAIL PROTECTED], size=700, class=0, nrcpts=1,
msgid=[EMAIL PROTECTED], proto=ESMTP,
daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter
(clmilter):
would get called)
Joe Maimon wrote:
So this morning clamd hung up. But then to add insult to injury
max-children of clamav-milter piled up behind it like a car wreck. This
patch adds the argument --max-child-wait=, which works like this.
* -1 wait 60 seconds for max_children and continue.(Old
Don Levey wrote:
On
My sendmail and sendmail-devel are both 8.12.8-9.90.
Is this known to cause problems? Thanks again!
-Don
I dont know. Perhaps you would like to try compiling
sendmail,libmilter,clamav from source?
---
This
So this morning clamd hung up. But then to add insult to injury
max-children of clamav-milter piled up behind it like a car wreck. This
patch adds the argument --max-child-wait=, which works like this.
* -1 wait 60 seconds for max_children and continue.(Old behavior)
* 0 or no value, no
Jim Maul wrote:
Exactly. I never said clamscan should use clamav.conf. I simply stated
that since clamd/clamdscan (and optionally freshclam as well) are the only
programs to use clamav.conf,
clamav-milter references it as well.
---
George Bell wrote:
I had clamav antivirus working fine for a couple months. Now after a
reboot I can't it started to save my neck. After starting the clamd
deamon, which creates /var/run/clamav/clamd.sock, and starting
clamav-milter, clamav-milter exits with following error message:
as root.
If sendmail is already running it issues a warning that
/var/run/clmilter.sock is missing. If I then try again to start
clmilter again the above error repeats.
So ???
Thanks
George
Joe Maimon wrote:
George Bell wrote:
I had clamav antivirus working fine for a couple months. Now
Andrzej Migdalski wrote:
Don Levey wrote:
The lines in sendmail.mc are:
INPUT_MAIL_FILTER(`clamav',
`S=local:/var/run/clamav/clamav-milter.sock, F=,
^^
change it to `clmilter'
I think what you are trying to say is that this part of the config line
I have setup a small page for all my (updated) clamav patches for
purposes of convenience.
http://www.jmaimon.com/clamav
(still running ok)
I will stop harassing you all now about this.
Joe Maimon wrote:
These patches
---
This SF.Net email
Marco Draghi wrote:
Hi, I've been using Clamav on Cyrus imap mail server.
Clamscan works great on mbox, but I'd like to delete automatically
infected mail after clamscan. How can I set it?
Thanks, Marco.
As answered previously on this list
Make sure you only scan one peice of email each time
This is an ongoing issue. Please reach the list archives.
Julio Galicia wrote:
Hi, list:
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies.
Daniel J McDonald wrote:
On Fri, 2004-04-09 at 06:28, Mike van Vugt wrote:
Hello,
Keep getting the message below over and over again.
Have you edited /etc/clamav/clamav.conf? Lots of important things there
you need to set up.
I am new to Linux
and having a hard time to get this
unruhtech wrote:
i just got clamav 0.70-rc up and running on rh 7.3.
this is from my /var/log/maillog
Apr 9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter (clmilter): local
socket name /var/run/clmilter.sock unsafe
Apr 9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter
Hello all,
I have been running a clamav-milter setup for a while. Previously I had
been running a amavisd+uvscan setup. I setup clamav-milter to run before
amavisd and configured amavisd to quarantine instead of discard.
I have also created a little script which rm anything from the amavis
Antony Stone wrote:
On Thursday 08 April 2004 8:45 pm, Jack London Networks wrote:
Okay, I like the --mbox support of clamscan. Problem is - now that I
know there are infected messages in people's inboxes/other folders, I
have very little information to go on to find and clean those
Tomasz Kojm wrote:
On Tue, 30 Mar 2004 18:37:53 -0500
Joe Maimon [EMAIL PROTECTED] wrote:
Anyone care to try these? fresh from the oven. barely tested.
+ btread = ( (maxsize ( size + btread maxsize)) ?
(maxsize - size) : btread);
The patch is incorrect.
Works for me
With respect for your considerably greater experience and skill set
than mine.
Tomasz Kojm wrote:
On Tue, 30 Mar 2004 16:03:07 -0500
Joe Maimon [EMAIL PROTECTED] wrote:
by. 2) clamd does not scan anything if the stream is larger than
StreamMaxLength - sizeof(buff).
That's
Jaap Scholten wrote:
Joe Maimon wrote:
Joe Maimon wrote:
I have been having the same as well.
I added some more verbosity into the syslog statement and got this
logged
write failure to clamd, nbytes: -1, quarantine_dir: (null), error:
Bad file descriptor
Any ideas?
OK I
Joe Maimon wrote:
snip
From the maillog:
dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later
Any ideas, anyone?
(The latest tarball had issues during the make, so I could not get it
installed)
In my case this is directly due to large emails. Also that above
message means
Joe Maimon wrote:
I have been having the same as well.
I added some more verbosity into the syslog statement and got this logged
write failure to clamd, nbytes: -1, quarantine_dir: (null), error: Bad
file descriptor
Any ideas?
OK I think I know what the problem is. Large attachments
Joe Maimon wrote:
Joe Maimon wrote:
I have been having the same as well.
I added some more verbosity into the syslog statement and got this
logged
write failure to clamd, nbytes: -1, quarantine_dir: (null), error:
Bad file descriptor
Any ideas?
OK I think I know what the problem
Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send the
first
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes between an SMTP connection being established
Trog wrote:
On Fri, 2004-03-26 at 15:44, Nigel Horne wrote:
The evidence points to incoming connections taking a long time (minutes) to send the
first
line of header after establishing a connection.so clamd gives up waiting. Increasing
clamd's timeout
will help. I have seen 4-5 minutes
Trog wrote:
On Fri, 2004-03-26 at 17:03, Joe Maimon wrote:
# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT:
Increase the
# timeout instead of disabling it.
ThreadTimeout 600
Still happening
Hello All,
I am new here, I hope this hasnt been hashed to death already.
I recently installed clamav into a production email system, using
clamav-milter.
This system had been operating with amavisd and uvscan (nai's command
line scanner) for years.
Now email is scanned twice, first by
Never-Mind.
Standard database path screwup.
Joe Maimon wrote:
Hello All,
I am new here, I hope this hasnt been hashed to death already.
I recently installed clamav into a production email system, using
clamav-milter.
This system had been operating with amavisd and uvscan (nai's command
I have been having the same as well.
I added some more verbosity into the syslog statement and got this logged
write failure to clamd, nbytes: -1, quarantine_dir: (null), error: Bad
file descriptor
Any ideas?
---
This SF.Net email is
78 matches
Mail list logo
