[Clamav-users] Re: Two persistent problems with clamav

2005-03-09 Thread René Berber
Jerry Bell wrote: [snip] When I start up freshclam, I see this: freshclam daemon 0.83 (OS: freebsd5.2.1, ARCH: i386, CPU: i386) ClamAV update process started at Wed Mar 9 10:06:35 2005 main.cvd is up to date (version: 30, sigs: 31086, f-level: 4, builder: tkojm) daily.cvd is up to date (version: 7

[Clamav-users] Re: Two persistent problems with clamav

2005-03-09 Thread René Berber
Freddie Cash wrote: [snip] Looking at the log output, it looks like you have two separate processes running. One that wakes up every 30 minutes at 22 after and 52 after. The other that wakes up at half-past (at least, there's not enough log output to confirm the pattern). The entries are very

[Clamav-users] Re: Problem compiling

2005-03-10 Thread René Berber
Ed Vazquez wrote: OS: OpenBSD 3.6-stable through 3.7-beta Compiler: gcc 2.95 (-stable), gcc 3.3.5 (-release and -beta) ClamAV: 0.83 and -devel (refreshed today) Options: ./configure --sysconfdir=/etc/clamav --localstatedir=/var --infodir=/usr/share/info --mandir=/usr/share/man --enable-dependen

[Clamav-users] Re: clamscan reports a virus Oversized.Zip

2005-03-10 Thread René Berber
Brad Morgan wrote: Using the latest (Windows / Cygwin) snapshot available from Clamav.or.id dated 3/10/2005, clamscan is reporting that it found the virus Oversized.Zip clamscan --help shows a --block-max switch which I'm not using. I'm not sure what limits it's talking about either. The zip file

[Clamav-users] Re: ClamAV return codes

2005-03-11 Thread René Berber
Brian Bruns wrote: I'm sure this has probably been asked before, but I wasn't able to find it in the mailing list archives or the documentation - is there a list somewhere, either in the source code or in the docs, or on the web, which lists what each return code that clamscan gives back means? I'v

[Clamav-users] Re: ClamAV return codes

2005-03-11 Thread René Berber
Brian Bruns wrote: It's Cygwin, so I'll have to diagnose this with my user, since I'm not seeing these problems on my end. That explains everything: Cygwin version 1.5.13-1 (the latest) changed the way it reports exit codes to Windows. Inside a Cygwin shell everything is normal (in your case the s

[Clamav-users] Re: ClamAV return codes

2005-03-11 Thread René Berber
Brian Bruns wrote: The issue with return codes in 1.5.13 was fixed in a 1.5.14 snapshot which is what this user is using. I know all about the return code issue, and was ready to fork the Cygwin source code to fix it if they didn't fix it themselves. With the latest snapshots, everything is retur

[Clamav-users] Re: Some Clamav basic newbie questions

2005-03-12 Thread René Berber
[EMAIL PROTECTED] wrote: I am running Fedora Core 3 and Clamav (via an rpm). Coming from windows into Linux to learn I have some real stupid questions: I have gone into the running processes (I guess the services?) and see clamav there running along with freshclam, do I do anything else to keep it

[Clamav-users] Re: Latest virusdb update - mismatched signature count?

2005-03-18 Thread René Berber
[EMAIL PROTECTED] wrote: [snip] since nothing's changed on my system, and my disk space, inodes, ram, permissions, etc are all okay, i jumped to a conclusion. i'm investigating further. A corrupt file system will report false information, i.e. free space when there is none. Just a possibility.

[Clamav-users] Re: connect to 127.0.0.1 [127.0.0.1]: read timeout

2005-03-21 Thread René Berber
Jakub Suchy wrote: now we tried to debug clamav again and started it and it works... It's really strange, because we didn't change anything in configuration. Is it possible that the problem was caused by some malicious mail in mailq? No, it's probably the first reason given by Stephen: long mail l

RE: [Clamav-users] Re: Problem compiling

2005-03-24 Thread René Berber
J. Rivero > Hi Rene, Hello. > I am having exactly the same problem as Ed Vazquez. And I > have pthread.h > in my /usr/include directory. I would like to use the POSIX > threads to > have decent performance, any idea other than disable pthreads? > > Thanks, J Rivero > > Here a cut-and Paste

[Clamav-users] Re: Adding {Scanned} tag to mails after being tested with clamav.

2005-04-05 Thread René Berber
Javier Viegas wrote: Hi, I've seen some servers that add {scanned} in the mail subject after they've been scanned using clamsmtpd, but I don't have any clue how to do this, can anybody guide me on this?? You can _add_ a header with the Header config option, see: http://memberwebs.com/nielse

[Clamav-users] Re: no socket

2005-04-11 Thread René Berber
Kurt Albershardt wrote: > 0.83 on Gentoo Linux > > I'm not able to see a socket created, either when I use /var/tmp/clamav > or when I configure as /var/run/clamav/clamd.sock (after creating the > clamav directory and changing permissions appropriately.) > > Works fine on an old RH8 box, I've dif

[Clamav-users] Re: no socket

2005-04-12 Thread René Berber
Kurt Albershardt wrote: [snip] > lsof -p `pidof clamd` > lsof: no process ID specified Clamd is not running. [snip] > Just a zero-length log file from clamd, and freshclam logs in two > different places depending on whether it's called from clamd or from the > cron job. Cron job logs where the c

[Clamav-users] Re: Clamav Loops infinitely

2005-04-15 Thread René Berber
Jeff Parson wrote: > We are Running SME Server 6.0.1.01 and Clamav 0.83. We have a loop > problem after upgrading clamav from 0.82 and 0.83. The problem is, that > some thing causes the clamscan program to loop infinitely, taking all > the available memory and stopping access to the internet. Some

[Clamav-users] Re: 0.83 potentially not catching some NetSky/SomeFool virus

2005-04-18 Thread René Berber
Arnaud Huret wrote: If detecting broken executables is the problem, then: [snip] > #DisableDefaultScanOptions > > ## > ## Executable files > ## > > ScanPE > DetectBrokenExecutables [snip] does not enable detecting them. Why? because you have to uncomment DisableDefaultScanOptions to enable or

[Clamav-users] Re: 0.83 potentially not catching some NetSky/SomeFool virus

2005-04-18 Thread René Berber
Tomasz Kojm wrote: > On Mon, 18 Apr 2005 14:10:35 -0500 > René Berber <[EMAIL PROTECTED]> wrote: > > >>does not enable detecting them. Why? because you have to uncomment >>DisableDefaultScanOptions to enable or disable the other options; even >>if you have DetectBrokenExecutables uncommented the

[Clamav-users] Re: 0.83 potentially not catching some NetSky/SomeFool virus

2005-04-18 Thread René Berber
Stephen Gran wrote: [snip] > This option is by default disabled, and is not part of the set > DefaultScanOptions. If you see Default: enabled, it is a member of > the set. Does that make it more clear? So the OP has a correct configuration but his setup seems to not detect broken executables...

[Clamav-users] Re: not scanning incoming mails

2005-04-19 Thread René Berber
Pete Sherwin S. Villanueva wrote: > I've set up clamav in my redhat 9 and I'm using clamav-0.83. I attach the > test file for my mails but it didn't scan. please help me how to. Clamav by itself doesn't scan the mail, you have to install whatever is necessary on your mail setup. If your mail serv

[Clamav-users] Re: mbox and Maildir

2005-04-23 Thread René Berber
Jon wrote: > Hi, Hello. > I'm using Maildir and IMAP on my Sendmail e-mail server. > > 1. It seems that there are two (mostly accepted) ways of installing > clamav as a virusscanner and I wish to know if anyone can advise which > one is the best? [snip] There are many ways to use clamav... if y

[Clamav-users] Re: mbox and Maildir

2005-04-23 Thread René Berber
Jon wrote: > Hi, Thanks for your reply. > > Yes there are many ways. I forgot to mention that I want to use it with > procmail. > > I use spamassassin for spam filtering so that is covered. > > How do I go about configuring clamav to work with procmail. In the links > I sent it seems they want

[Clamav-users] Re: mbox and Maildir

2005-04-23 Thread René Berber
Jon wrote: > trashcan is actually a program see > http://www.howtoforge.de/howto_spamassassin_clamav_procmail and below. [snip] OK, my mistake. That site is using clamav 0.67 as an example, that's an old version and things have changed (you don't use clamav.conf, now you use clamd.conf). > anywa

[Clamav-users] Re: mbox and Maildir

2005-04-23 Thread René Berber
Jon wrote: > trashcan is actually a program see Yep, it's in the 3rd party software list at clamav.net; there's quite a few procmail helpers I haven't seen. -- René Berber ___ http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Re: clamscan

2005-04-26 Thread René Berber
Dwayne Hottinger wrote: > Does clamscan automatically delete virus infected files if I run clamscan from > the server prompt? For example, If I run clamscan /home/* to scan all home > files will it delete the viruses found or just list them? $ clamscan -h Clam AntiVirus

[Clamav-users] Re: x-virus-scanned - header missing

2005-04-27 Thread René Berber
lizard wrote: > Hi all, Howdy! > I'm a newbie but trying to figure things out. I know my clamav is working (it > stops the eicar test string), Stops? What do you mean? Stops a mail message carrying it or just detects it in a file? > but it doesn't add any type of header to my emails (like X-

[Clamav-users] Re: How are downloader viruses encountered ??

2005-04-28 Thread René Berber
Joanna Roman wrote: [snip] > Serious answers only. You must be tired. Take a break > man ! :) Serious, how are they encountered ? They come in mail. Is that what you wanted to know? -- René Berber

[Clamav-users] Re: Clamav Loops infinitely

2005-05-01 Thread René Berber
Jeff Parson wrote: > OK 0.84 is out but we are still having the same problem SME still goes > int a loop. Could you post more detailed information? How did you install clamav? (compiled, rpm, etc.); how is it used? mailserver, milter or whatever; how is it configured? and relevant system info.

[Clamav-users] Re: Clamav Loops infinitely

2005-05-02 Thread René Berber
Jeff Parson wrote: > Clam AV was installed from the Swerts-Knudsen.dk install file from his > web site to SME Server 6.0.1.01 and Clamav 0.84. Sme is loaded on a no > name Celeron 566 with 64mb ram which is used as a mail server running > qmail. It all worked fine on AV .80 but began to go pear sha

[Clamav-users] Re: CLAMD+SIMSCAN+RAR V3 SUPPORT

2005-05-03 Thread René Berber
Brian Morrison wrote: >>I have a problem with .RAR files version 3. >> >> "RAR module failure ERROR". >> >>This error is for the version of .RAR file. Clamd does not support V3. >> >>How I solve the problem of scan v3 Rar archives? >> >>With Clamscan I have --unrar option, but in Clamd this option

[Clamav-users] Re: Exit code with password protected zip file

2005-05-04 Thread René Berber
Rick Macdougall wrote: > I noticed today that clamdscan exits with an exit code of 2 instead of 0 > when it encounters a password protected zip file, even with > ArchiveBlockEncrypted commented out. > > Is this the recommended exit code, or have I encountered a bug ? > > If this is the recommend

[Clamav-users] Re: Exit code with password protected zip file

2005-05-04 Thread René Berber
Rick Macdougall wrote: > One place I didn't look that I should have but still, is a password > protected zip file considered an error ? I can't really allow scans > that return a 2 to pass through (well I can but I don't think it's a > good idea). It has been discussed before that clamav can dete

[Clamav-users] Re: Exit code with password protected zip file

2005-05-04 Thread René Berber
Rick Macdougall wrote: > So you are saying it is safe to pass on mail with an exit code of 2 ? No. > I'll never get an exit code of 2, if say the hd fills up, or clamd is > running as a user without permissions to read the files or fails for > some other reason ? You'll get code 2 for any error

[Clamav-users] Re: regarding clamav load balancing on a multip processor system

2005-05-08 Thread René Berber
Joanna Roman wrote: > If I ran clamav on multi processor box, will the > scanning thread be distributed among multiple > processors ? Or is this pthread specific ? Has anyone > tried this yet ? It depends on the operating system and how threads work in it. In general, yes, they will be distributed

[Clamav-users] Re: Update Problem - Manual Updtae Possible?

2005-05-12 Thread René Berber
Usman Zajil wrote: > The clamav installed on fedora 3 while updating gives me this error: > Can't connect to port 80 of host db.sa.clamav.net (IP: 195.184.96.15) > > Trying host db.sa.clamav.net (195.214.240.53)... [snip] These messages mean that freshclam tried DNS then http (port 80) to update

[Clamav-users] Re: Any suggestions about CPU load in .80 and .84

2005-05-12 Thread René Berber
Mike Sanchez wrote: > I run clamd .80 on Solaris 2.7 and call File::Scan::ClamAV from perl to scan > messages. Old Solaris version on an old Sparc with not much RAM? > With .80 top shows clamd < 5%, but on occasion once or twice a week climbs > to 20% - 30%. Really bogs down the system until c

[Clamav-users] Re: Any suggestions about CPU load in .80 and .84

2005-05-12 Thread René Berber
Mike Sanchez wrote: >>Old Solaris version on an old Sparc with not much RAM? > > > No, it's got 3G ram 4CPU, processes peaks of 100,000 msgs/hr. > Solaris is tuned, played with the clamd config options. You wrote "Solaris 2.7" that's Solaris 7, I haven't seen it in a long time (I use 8 and 9, h

[Clamav-users] Re: Any suggestions about CPU load in .80 and .84

2005-05-12 Thread René Berber
email builder wrote: [snip] > Respectfully (you sound like you know a hell of a lot more than I do about > these things), the OP presumably (hopefully?) does more than look once at top > and send out emergency emails to this list. I personally watch system load > (just from "w" command as well as

[Clamav-users] Re: Any suggestions about CPU load in .80 and .84

2005-05-12 Thread René Berber
I did my own small benchmark, with the contents of my current quarantine directory (just 48 infected files, but you get the idea) I did the following: $ clamdscan -V ClamAV 0.80/876/Thu May 12 18:14:29 2005 $ time clamdscan /tmp/test [snip (the 48 hits)] --- SCAN SUMMARY --- Inf

[Clamav-users] Re: Any suggestions about CPU load in .80 and .84

2005-05-14 Thread René Berber
email builder wrote: [snip] > Yep, that's obvious to anyone who stares at top with any regularity. That > doesn't mean that top is useless tho. :) No it's not useless (I never said it was). [snip] > I understand and agree. But, as useful as looking at stats can be, it's not > the only way to g

[Clamav-users] Nope

2005-05-17 Thread René Berber
Damian Menscher wrote: > I've been getting plenty of those German spams, and they're almost all > coming from prod-infinitum.com.mx. Interestingly, I got one that > spoofed its From: header as [EMAIL PROTECTED] Which indicates that an > active clamav user is infected. You mean a user that has a

[Clamav-users] Re: sol8 compile problem

2005-05-21 Thread René Berber
Cocoon wrote: > I want to compile the new clamav version 0.85.1 on a solaris 8 system > > With the command ./configure -prefix=/var/amavis/clamd everything works > fine. It's --prefix. > Then I make the make and got this error at the end! > > Any ideas? > > gcc and dev tools are up to date...

[Clamav-users] Re: sol8 compile problem

2005-05-21 Thread René Berber
Cocoon wrote: [snip] > Which gcc and most important which ld? > Gcc 3.4.2 > > LD_LIBRARY_PATH:/usr/lib:/usr/local/lib:/usr/sfw/lib:/opt/sfw/lib: Could you report the output of "gcc -print-prog-name=ld" ? Also the output of "crle -v" . And, the symbols ld is complaining about... that will show u

[Clamav-users] Re: sol8 compile problem

2005-05-21 Thread René Berber
Cocoon wrote: > Can you write me exactly what I have to do "syntax" I will do it no > problem... Just run the commands in a terminal. For instance here's the result in one Sparc/Solaris 8 machine: --- --- --- --- -bash-3.00$ gcc -print-prog-name=ld /usr/ccs/bin/ld -bash-3.00$ crle -v Configura

[Clamav-users] Re: sol8 compile problem

2005-05-21 Thread René Berber
Cocoon wrote: > # gcc -print-prog-name=ld > /usr/ccs/bin/ld Good. > # crle -v > > Default configuration file (/var/ld/ld.config) not found > Default Library Path (ELF): /usr/lib (system default) > Trusted Directories (ELF):/usr/lib/secure (system default) This is normal, it's the S

[Clamav-users] Re: sol8 compile problem

2005-05-21 Thread René Berber
Cocoon wrote: [snip] > checking for bzReadOpen in -lbz2... no > checking bzlib.h usability... yes > checking bzlib.h presence... yes > checking for bzlib.h... yes Strange, bz2 lib is not installed but configure doesn't really complain. > checking for __dn_expand in -lresolv... no > checking for d

[Clamav-users] Re: clamav hung taking up 100% of CPU

2005-05-22 Thread René Berber
lattera wrote: > why would you say that I have no respect? The only reason why I'm > using an old version It's not the version, it's the tone of your message: > I would appreciate that this problem be addressed immediately and > fixed quickly, as every few hours the server (3.2Ghz!) slows to a

[Clamav-users] Re: Virus naming conventions?

2005-05-26 Thread René Berber
guenther wrote: > Anyone? > > Does the absence of any replies mean, there is no real naming convention > and it is kind of random? ;-) Have you seen? http://clamav.net/cvdinfo.html#pagestart -- René Berber

[Clamav-users] Re: Zip files not being scanned

2005-05-29 Thread René Berber
Frode Egeland wrote: > Hi all, Howdy. > I'm not 100% sure this is the correct list to ask this, but as the problem > relates to ClamAV, I hope someone will have the answer for me. > > I've got a mail filter server set up, running postfix, amavisd-new, > SpamAssassin and ClamAV. > This morning

[Clamav-users] Re: javascript virus

2005-05-31 Thread René Berber
Jim Popovitch wrote: > I have an HTML file that contains some bad javascript. While the > javascript itself isn't malicious, what it does is. It begins a > download process that eventually gives up your PC to others. > > Should clam(d)scan identify something like this as a virus? > > Here is a

[Clamav-users] Re: clamav build for WinNT

2005-05-31 Thread René Berber
.rp wrote: > Is there a build anywhere that will run under NT4 ? There are at least two, Cygwin includes it precompiled in its packages (works fine by itself but you may have problems if trying to integrate with a Windows app), and there's WinClam (or something like that which I don't use). Als

[Clamav-users] Re: FW: 553 5.5.4 <[EMAIL PROTECTED]>...Real domain name required for sender address

2005-06-02 Thread René Berber
bonar wrote: > This is my maillog at /var/log/maillog: > [snip] > Jun 2 13:12:24 uetheta sendmail[4085]: j525Bh7b004085: Milter add: > header: X-Virus-Scanned: ClamAV version 0.85.1, clamav-milter version > 0.85 on uetheta > Jun 2 13:12:24 uetheta sendmail[4085]: j525Bh7b004085: Milter add: > h

[Clamav-users] Re: FW: 553 5.5.4 <[EMAIL PROTECTED]>...Real domain name required for sender address

2005-06-02 Thread René Berber
bonar wrote: > I haven't made any alias address. > Can you tell me how can I fix this problem or can you show me how do you > start clamav-milter. > I try to use this, > > CLAMAV_FLAGS=" > --config-file=/etc/clamd.conf > --headers --quarantine-dir=/usr/local/clamav-0.85.1/quarantine > --max-children=

[Clamav-users] Re: FW: 553 5.5.4 <[EMAIL PROTECTED]>...Real domain name required for sender address

2005-06-03 Thread René Berber
bonar wrote: > Now I'm able to get the "Virus > intercepted". > It was great to know you. This is my /var/log/maillog : > > Jun 3 12:55:49 uetheta sendmail[8717]: j534t8CU008717: > from=<[EMAIL PROTECTED]>, size=1482, class=0, nrcpts=1, > msgid=<[EMAIL PROTECTED]>, > proto=ESMTP, daemon=MTA, rel

[Clamav-users] Re: Worm.Mytob

2005-06-08 Thread René Berber
Pavel R. Levashov wrote: > I have a mail server (sendmail on RedHat 7.3) with clamav antivirus > (clamd version 0.85.1, clamav-milter version 0.85). Clamd updates its > antivirus bases regularly, clamav-milter catches all viruses except one: > Worm.Mytob. This virus is transparent for clamav-milte

[Clamav-users] Re: cgpav and clam

2005-06-13 Thread René Berber
histar2 wrote: > Ok, clam seems to work, since clamscan picks up eicar (all versions) in > a directory, but I am having trouble getting cgpav (the communigate > plugin) to work. A little history -- This was an old FC1 system and was > upgraded to FC3. Now it won't work and I can't figure out why.