Hi Dennis and list,
If I change 3310 into 21, it will disable my ftp server?
If so, is there any function in ClamAV that can do some pre-scan when someone
upload files.
In the comments of "TCPAddr" say, "By default we bind to INADDR_ANY, probably
not wise.
Enable the following to provide some degree of protection from the outside
world."
Is that means ClamAV can provide taht kind of scan I meationed above?
best,
Frank
----------------------------------------
> From: [EMAIL PROTECTED]
> Subject: clamav-users Digest, Vol 27, Issue 9
> To: [email protected]
> Date: Tue, 12 Dec 2006 12:00:34 +0100
>
> Send clamav-users mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of clamav-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Error (Cannot connect to 'localhost:3310':
> IO::Socket::INET: connect: Connection refused ) (Ian Abbott)
> 2. Re: connecting to clamd via TCPIP socket (Ian Abbott)
> 3. Request for testing: ClamAV 0.902c2 packages in experimental
> (Stephen Gran)
> 4. Forcing clamd to reload its database (Gerard Seibert)
> 5. Re: Forcing clamd to reload its database (Stephen Gran)
> 6. Re: Forcing clamd to reload its database (Dennis Peterson)
> 7. Re: Forcing clamd to reload its database (Gerard Seibert)
> 8. Re: Forcing clamd to reload its database (Stephen Gran)
> 9. Re: Forcing clamd to reload its database (Dennis Peterson)
> 10. New ClamAV release (Dennis Peterson)
> 11. Chronic MD5 Verification Errors (Edward Dam)
> 12. RE: clamav-users Digest, Vol 27, Issue 8 (ZhangFrank)
> 13. Re: RE: clamav-users Digest, Vol 27, Issue 8 (Dennis Peterson)
> 14. Offical Package for FreeBSD (ZhangFrank)
> 15. How do I report a false positive > 2Mbytes? (Mogens Kjaer)
> 16. Re: Forcing clamd to reload its database (Ian Abbott)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 11 Dec 2006 11:09:47 +0000
> From: Ian Abbott <[EMAIL PROTECTED]>
> Subject: [Clamav-users] Re: Error (Cannot connect to 'localhost:3310':
> IO::Socket::INET: connect: Connection refused )
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 11/12/2006 10:56, Ian Abbott wrote:
> > The -d option loads a specific database. What you see above is the
> > result of scanning all the files in the current directory for viruses
> > using that database. You could pass it a specific file to scan to avoid
> > scanning everything in the current directory:
> >
> > touch emptyfile
> > clamscan -d scam.ndb emptyfile
>
> Or to avoid having an empty file hanging around, scan empty standard input:
>
> clamscan -d scam.ndb - < /dev/null
>
> --
> -=( Ian Abbott @ MEV Ltd. E-mail: <[EMAIL PROTECTED]> )=-
> -=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 11 Dec 2006 11:22:45 +0000
> From: Ian Abbott <[EMAIL PROTECTED]>
> Subject: [Clamav-users] Re: connecting to clamd via TCPIP socket
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 11/12/2006 03:28, gene wrote:
> > Hello,
> >
> > I am using qmail. I've written a scanner which uses libclamav to virus
> > check emails before they get delivered
> > into local maildirs. Now I would like to run clamd on the seperate server
> > and have my scanner connect to it via TCP/IP
> > socket. Is there a documented API or an example of how to do it ?
> > I know clamdscan has the code that does it, but I was wondering if there is
> > a documented API.
>
> You can use the TCPSocket option in clamd.conf to listen on a TCP port.
> The commands to send to the socket are documented in the clamd man
> page. I guess you'd want to use the STREAM command. This returns an
> arbitrary port number you can connect to to scan an arbitrary stream of
> data, so as Dennis mentioned, you may need to configure your firewall to
> allow these connections to arbitrary port numbers as well as connections
> to the main clamd port number.
>
> --
> -=( Ian Abbott @ MEV Ltd. E-mail: <[EMAIL PROTECTED]> )=-
> -=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 11 Dec 2006 14:48:05 +0000
> From: Stephen Gran <[EMAIL PROTECTED]>
> Subject: [Clamav-users] Request for testing: ClamAV 0.902c2 packages
> in experimental
> To: ClamAV-User <[email protected]>, debian-devel
> <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello all,
>
> I have just uploaded packages for clamav 0.90rc2 to Debian experimental.
> I am requesting testing and feedback about the upgrade path. Besides all
> the usual new features and better detection methods, this upgrade changes
> the config file format in an incompatible way - all options that were
> previously specified by a single directive are now booleans. This is
> great for flexibility, but it meant some interesting maintainer script
> logic to make sure that the new config files didn't remove your local
> changes, but were forward ported to the new syntax. Before I unleash
> these packages on unstable, I would love to hear that this upgrade
> doesn't trash people's config files.
>
> Please reply off list or file bugs as you deem appropriate.
>
> Thanks all,
> --
> -----------------------------------------------------------------
> | ,''`. Stephen Gran |
> | : :' : [EMAIL PROTECTED] |
> | `. `' Debian user, admin, and developer |
> | `- http://www.debian.org |
> -----------------------------------------------------------------
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 189 bytes
> Desc: Digital signature
> Url :
> http://lists.clamav.net/pipermail/clamav-users/attachments/20061211/4c6a56de/attachment.pgp
>
> ------------------------------
>
> Message: 4
> Date: Mon, 11 Dec 2006 10:06:39 -0500
> From: Gerard Seibert <[EMAIL PROTECTED]>
> Subject: [Clamav-users] Forcing clamd to reload its database
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="US-ASCII"
>
> What is the preferred method to force clamd to reload its databases?
>
> --
> Gerard
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 11 Dec 2006 15:11:46 +0000
> From: Stephen Gran <[EMAIL PROTECTED]>
> Subject: Re: [Clamav-users] Forcing clamd to reload its database
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> On Mon, Dec 11, 2006 at 10:06:39AM -0500, Gerard Seibert said:
> > What is the preferred method to force clamd to reload its databases?
>
> The simplest is:
> echo RELOAD | nc localhost 3310
> --
> --------------------------------------------------------------------------
> | Stephen Gran | As the poet said, "Only God can make a |
> | [EMAIL PROTECTED] | tree" -- probably because it's so hard |
> | http://www.lobefin.net/~steve | to figure out how to get the bark on. |
> | | -- Woody Allen |
> --------------------------------------------------------------------------
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 189 bytes
> Desc: Digital signature
> Url :
> http://lists.clamav.net/pipermail/clamav-users/attachments/20061211/516d25c1/attachment.pgp
>
> ------------------------------
>
> Message: 6
> Date: Mon, 11 Dec 2006 07:19:16 -0800
> From: Dennis Peterson <[EMAIL PROTECTED]>
> Subject: Re: [Clamav-users] Forcing clamd to reload its database
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Stephen Gran wrote:
> > On Mon, Dec 11, 2006 at 10:06:39AM -0500, Gerard Seibert said:
> >> What is the preferred method to force clamd to reload its databases?
> >
> > The simplest is:
> > echo RELOAD | nc localhost 3310
> >
>
> Or if you're using Solaris:
> echo RELOAD |mconnect -r -p 3310 0
>
> If you're using a local socket rather than a tcpip socket then check the
> clam monitoring scripts in the source distribution contrib folder for hints.
>
> dp
>
>
> ------------------------------
>
> Message: 7
> Date: Mon, 11 Dec 2006 10:31:20 -0500
> From: Gerard Seibert <[EMAIL PROTECTED]>
> Subject: Re: [Clamav-users] Forcing clamd to reload its database
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="UTF-8"
>
> On Monday December 11, 2006 at 10:11:46 (AM) Stephen Gran wrote:
>
> > On Mon, Dec 11, 2006 at 10:06:39AM -0500, Gerard Seibert said:
> > > What is the preferred method to force clamd to reload its databases?
> >
> > The simplest is:
> > echo RELOAD | nc localhost 3310
>
> OK, I have to admit that I am not familiar with that command. Anyway, it
> does not appear to have any effect on clamd. There is no indication in
> the clamd.log file that it is in fact rereading the database.
>
> I am running FreeBSD with bash3 as the shell. Also, netstat -a does not
> list any port listening on 3310. I do not have a the TCP port enabled in
> the clamd.conf file.
>
> --
> Gerard
>
>
> ------------------------------
>
> Message: 8
> Date: Mon, 11 Dec 2006 15:35:16 +0000
> From: Stephen Gran <[EMAIL PROTECTED]>
> Subject: Re: [Clamav-users] Forcing clamd to reload its database
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> On Mon, Dec 11, 2006 at 10:31:20AM -0500, Gerard Seibert said:
> > On Monday December 11, 2006 at 10:11:46 (AM) Stephen Gran wrote:
> >
> > > On Mon, Dec 11, 2006 at 10:06:39AM -0500, Gerard Seibert said:
> > > > What is the preferred method to force clamd to reload its databases?
> > >
> > > The simplest is:
> > > echo RELOAD | nc localhost 3310
> >
> > OK, I have to admit that I am not familiar with that command. Anyway, it
> > does not appear to have any effect on clamd. There is no indication in
> > the clamd.log file that it is in fact rereading the database.
> >
> > I am running FreeBSD with bash3 as the shell. Also, netstat -a does not
> > list any port listening on 3310. I do not have a the TCP port enabled in
> > the clamd.conf file.
>
> Well, it certainly won't have any effect then :)
>
> I think that the BSD netcat has a unix socket option, although I can't
> remember. You could try that, or there is some code in the contrib/
> directory that may point you to how to do it.
> --
> --------------------------------------------------------------------------
> | Stephen Gran | Blessed be those who initiate lively |
> | [EMAIL PROTECTED] | discussions with the hopelessly mute, |
> | http://www.lobefin.net/~steve | for they shall be know as Dentists. |
> --------------------------------------------------------------------------
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 189 bytes
> Desc: Digital signature
> Url :
> http://lists.clamav.net/pipermail/clamav-users/attachments/20061211/226b059b/attachment.pgp
>
> ------------------------------
>
> Message: 9
> Date: Mon, 11 Dec 2006 07:43:43 -0800
> From: Dennis Peterson <[EMAIL PROTECTED]>
> Subject: Re: [Clamav-users] Forcing clamd to reload its database
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Gerard Seibert wrote:
> > On Monday December 11, 2006 at 10:11:46 (AM) Stephen Gran wrote:
> >
> >> On Mon, Dec 11, 2006 at 10:06:39AM -0500, Gerard Seibert said:
> >>> What is the preferred method to force clamd to reload its databases?
> >> The simplest is:
> >> echo RELOAD | nc localhost 3310
> >
> > OK, I have to admit that I am not familiar with that command. Anyway, it
> > does not appear to have any effect on clamd. There is no indication in
> > the clamd.log file that it is in fact rereading the database.
> >
> > I am running FreeBSD with bash3 as the shell. Also, netstat -a does not
> > list any port listening on 3310. I do not have a the TCP port enabled in
> > the clamd.conf file.
> >
>
> Try using kill -1 with the process ID of clamd.
>
> dp
>
>
> ------------------------------
>
> Message: 10
> Date: Mon, 11 Dec 2006 07:47:48 -0800
> From: Dennis Peterson <[EMAIL PROTECTED]>
> Subject: [Clamav-users] New ClamAV release
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> FYI: Version 0.88.7 was released today. I'd just gotten used to seeing
> them arrive on Friday afternoon - I got the whole weekend off :)
>
> dp
>
>
> ------------------------------
>
> Message: 11
> Date: Mon, 11 Dec 2006 21:38:59 -0500
> From: "Edward Dam" <[EMAIL PROTECTED]>
> Subject: [Clamav-users] Chronic MD5 Verification Errors
> To: [email protected]
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello all,
>
> I have a problem server as of late. It ran qmail+spamassassin+clamav with
> qmail-scanner for a couple years now. Intermittently, freshclam would die
> with an MD5 verification error, which hung the whole mail system.
> Downloading and replacing the main.cvd and/or the daily.cvd, then restarting
> clamd would fix it.
>
> Lately, this has been happening almost daily. There's no real reason to the
> rhyme.
>
> Here's what I've done to try and remedy this:
>
> updated CLAMAV
> updated system BIOS
> Updated the kernel
> updated zlib
> replaced network card and cable
> completely removed all traces of clamav, and compiled (.0.88.7, just today)
> from source.
> used different database servers in freshclam.conf
>
> but the problem remains.
>
> I'm starting to believe it's a hardware error, if it weren't for the fact
> that this system runs a lot of other processes (apache, samba, etc) and none
> of them have any errors of any kind... yet clamd seems to fail regularly
> with the MD5 error.
>
> I've run memtest for 24 hours, and the memory comes up clean.
>
> I'm pulling my hair out here. There's no pattern to it, no schedule.
> Freshclam may run 50 times successfully before crapping out.. or it may only
> run 10 times.
>
> This is really frustrating, as the users are screaming at me every time the
> mail is down. It only takes a minute to re-download the cvd files and
> restart, but it's getting really old really fast.
>
> Any thoughts or ideas?
>
> The install is Redhat 9.0 based, running kernel 2.4.33-4
>
> Thanks for your help in advance,
>
> Ed
>
>
> ------------------------------
>
> Message: 12
> Date: Tue, 12 Dec 2006 13:41:32 +0800
> From: ZhangFrank <[EMAIL PROTECTED]>
> Subject: [Clamav-users] RE: clamav-users Digest, Vol 27, Issue 8
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="gb2312"
>
>
> Hello all,
>
> I have a question about configure clamd. I am not sure the meaning of
> TCPSocket 3310 and TCPAddr 127.0.0.1
>
> For example, when I want to use clamd to give my server some protection from
> outside world, my server provides FTP service,
> can I replace the "127.0.0.1" with my server's IP address like 192.168.0.56
> or something, and change "3310" into "21"£¨my FTP port£©??
>
> best,
>
>
> Frank
> _________________________________________________________________
> ͨ¹ý Windows Live Messenger ±í´ïÄú×Ô¼º£¡
> http://get.live.com/messenger/overview
>
>
> ------------------------------
>
> Message: 13
> Date: Mon, 11 Dec 2006 22:05:46 -0800
> From: Dennis Peterson <[EMAIL PROTECTED]>
> Subject: Re: [Clamav-users] RE: clamav-users Digest, Vol 27, Issue 8
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=GB2312
>
> ZhangFrank wrote:
> > Hello all,
> >
> > I have a question about configure clamd. I am not sure the meaning of
> > TCPSocket 3310 and TCPAddr 127.0.0.1
> >
> > For example, when I want to use clamd to give my server some
> > protection from outside world, my server provides FTP service, can I
> > replace the "127.0.0.1" with my server's IP address like
> > 192.168.0.56 or something, and change "3310" into "21"£¨my FTP port£©??
> >
> >
>
> That would be a very bad idea.
>
> The address and socket are how local clam and other applications
> communicate with clamd. They have nothing at all to do with ftp. But
> yes, you could do this provided you disabled your ftp server. You are
> better off to use port 3310. The IP is less important - either will work.
>
> dp
>
>
> ------------------------------
>
> Message: 14
> Date: Tue, 12 Dec 2006 15:23:34 +0800
> From: ZhangFrank <[EMAIL PROTECTED]>
> Subject: [Clamav-users] Offical Package for FreeBSD
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="gb2312"
>
>
> Hello,
>
> Do we any offical installation package of clamav-0.88.6? like
> clamav-0.88.6.tbz
>
> If we do, where can I get it?
>
> cheers£¬
>
> Frank
>
>
>
>
>
> _________________________________________________________________
> ͨ¹ý Windows Live Messenger ±í´ïÄú×Ô¼º£¡
> http://get.live.com/messenger/overview
>
>
> ------------------------------
>
> Message: 15
> Date: Tue, 12 Dec 2006 08:18:34 +0100
> From: Mogens Kjaer <[EMAIL PROTECTED]>
> Subject: [Clamav-users] How do I report a false positive > 2Mbytes?
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> The executable FixBobax.exe, which can be downloaded from:
>
> http://sarc.com/avcenter/venc/data/[EMAIL PROTECTED]
>
> is reported by clamav as a trojan:
>
> $ clamscan FixBobax.exe
> FixBobax.exe: Trojan.Qhost.AD FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 80576
> Engine version: 0.88.7
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 2.59 MB
> Time: 5.013 sec (0 m 5 s)
>
> Trendmicro doesn't find anything wrong with this file.
>
> I've tried to report this on http://cgi.clamav.net/sendvirus.cgi,
> however, only files < 2M are accepted.
>
> Mogens
>
> --
> Mogens Kjaer, Carlsberg A/S, Computer Department
> Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
> Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
> Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk
>
>
> ------------------------------
>
> Message: 16
> Date: Tue, 12 Dec 2006 10:17:42 +0000
> From: Ian Abbott <[EMAIL PROTECTED]>
> Subject: [Clamav-users] Re: Forcing clamd to reload its database
> To: ClamAV users ML <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 11/12/2006 15:11, Stephen Gran wrote:
> > On Mon, Dec 11, 2006 at 10:06:39AM -0500, Gerard Seibert said:
> >> What is the preferred method to force clamd to reload its databases?
> >
> > The simplest is:
> > echo RELOAD | nc localhost 3310
>
> I have clamd listening on a unix-domain socket and use:
>
> echo RELOAD | socat - UNIX-CONNECT:$clamdsocket > /dev/null
>
> (socat is available from http://www.dest-unreach.org/socat/ ).
>
> --
> -=( Ian Abbott @ MEV Ltd. E-mail: <[EMAIL PROTECTED]> )=-
> -=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
>
>
> ------------------------------
>
> _______________________________________________
> clamav-users mailing list
> [email protected]
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> End of clamav-users Digest, Vol 27, Issue 9
> *******************************************
_________________________________________________________________
Windows Live Safety Center 为您的计算机提供免费的安全扫描服务。
http://safety.live.com/site/ZH-CN/default.htm
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
