hi darin,
we use AVAFTERJM ON with Declude 2.0.6.14 and it works like we need it.
mfg
i.a.
gez. markus guhl
***
lds nrw
ref. 241
tel.: 0211 9449 2578
fax.: 0211 9449 8344
mailto:[EMAIL PROTECTED]
***
-Ursprüngliche
At one point on each
machine started getting these errors in the Declude Virus file:
06/04/2005 14:06:54 Qed820cb43917 ERROR: Virus scanner 2 didn't
finish after 60 seconds; terminating.
06/04/2005 14:06:54 Qed820cb43917 WARNING: Couldn't remove .vir
directory
Need some help for a part time sys admin!
Declude Virus/Junkmail Standard 2.0.6.16/F-prot.
We have very limited bandwidth so have expanded the banned extensions list in virus.cfg
to include .mpg, .mpeg, .wmv, etc. This works well but there seems to be
some that are still slipping
Great... Could the Declude staff have this added to the manual?
Darin.
- Original Message -
From: Guhl, Markus (LDS) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Monday, June 06, 2005 4:28 AM
Subject: AW: [Declude.Virus] Newbie question
hi darin,
we use AVAFTERJM ON with
It looks like the file name is in the MIME segment headers in
quoted-printable format (=?ISO-8859-1?Q?). I am going to assume that
Declude isn't parsing quoted printable in the file names based on your
log line. I would report this to Declude support as this would
definitely be a shortcoming.
Hello Terry,
Sunday, June 5, 2005, 8:14:04 AM, you wrote:
It took a reboot of both machines to fix the problem. On one I had 288
process running which fouls everything else up. Clam is SCANNER2
Any ideas?
TF What did the runclamscan log report if anything? What kind of times
TF are
Hello Scott,
Saturday, June 4, 2005, 7:08:02 PM, you wrote:
SF I also use Terry's runclamscan with no issues.
SF I have had rare email melt downs when I was running runclamd. I could never
SF pin it firmly on anything. So I stopped the runclamd to see how it handles.
So you're saying you use
I can't find anything in the event or application logs that looks bad
around this time either.
I can't either.
I've switched my clamd.conf file settings to run on TCP/IP rather
than local socket. In the clamd.log file there were accept() errors
recorded when this occurs which is a
TF What did the runclamscan log report if anything? What kind of times
TF are you seeing in it for the actual scanning?
I do have some weird log lines on one of the machines:
06-04-2005 13:48:35 0.4840,0.015,0.469 HTML.Phishing.Pay-39 65 0
06-04-2005 13:49:02 0.2660,0.031,0.235
I am not real clear on this thread - but if it has to do with clamd -
it w/Declude no question has a problem in Windows. I have stopped using
it - it may take a week or even a month but it will crash...
-Nick
Terry Fritts wrote:
I can't find anything in the event or application logs
I do have some weird log lines on one of the machines:
Those look okay to me.
There are 57 on one box and 80 on another. Every time I click on of
the files, I get a simple Access Denied error even though ALL clam
processes are stopped and I'm running under a Domain Admin account.
These
TF These exist because the scanner never completed and the files are
TF owned by SYSTEM. You'll have to select them - right click - and
TF change the owner to your Admin account so you can then change the
TF permissions to delete them.
So, it looks like the genesis of the problem is
it looks like the genesis of the problem is that clam started
timing out.
It may be but I haven't been able to force it to happen so far. For
me this is the first instance of this in more than one year.
I am suspicious that it could be a Windows socket issue which is why
I've changed
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Terry Fritts
Sent: 6. juni 2005 21:40
To: David Sullivan
Subject: Re: [Declude.Virus] Second Scanner
If you also want to try this find clamd.conf (usually in
C:\clamav-devel\etc) and open in
Hello Terry,
Monday, June 6, 2005, 3:39:42 PM, you wrote:
it looks like the genesis of the problem is that clam started
timing out.
TF It may be but I haven't been able to force it to happen so far. For
TF me this is the first instance of this in more than one year.
TF I am suspicious
Yes I have seen them too:
email starts with:
Dear Valued Member, According to our site policy
you will have to confirm your account by the following link or else your account
will be suspended within 24 hours for security reasons.
- Original Message -
From:
Jim Matuska
Vulnerability flags = 76
Thanks!
-Nick
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
Forgive me if I'm naive, but what does a local virus scanner have to
do with TCP/IP?
I'll write how I understand it. In the case being discussed we have
ClamD running as a service under Windows. When clamdscan is called
to actually scan a file then that instance of clamdscan communicates
Hello Terry,
TF Normally the service establishes a socket - meaning a hole punched
TF through the OS - to allow such communication to occur. However, for
TF ClamD in the configuration file there is an option to bind the
TF service to a specific IP address and a specific port assignment.
19 matches
Mail list logo