Dear Community - Please kindly help me find the best solution to protect Windows server machines.
Regards,
Rithy

> From: [email protected]
> Subject: clamav-users Digest, Vol 122, Issue 1
> To: [email protected]
> Date: Wed, 5 Nov 2014 12:00:00 -0500
>
> Today's Topics:
>
>    1. Error using libclamav (cli_scanraw error) (Alessandro Vesely)
>    2. Re: Error using libclamav (cli_scanraw error) (Shawn Webb)
>    3. Re: Error using libclamav (cli_scanraw error) (Alessandro Vesely)
>    4. MailScanner Incoming and Quarantine Permissions change
>       (Mark Meelhuysen)
>    5. Re: MailScanner Incoming and Quarantine Permissions change (Jerry)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 04 Nov 2014 18:27:49 +0100
> From: Alessandro Vesely <[email protected]>
> To: [email protected]
> Subject: [clamav-users] Error using libclamav (cli_scanraw error)
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
> I use libclamav to have a mail filter scan mail. It works fine at mine.
> However, I shared the code with someone and it doesn't work at his --he
> reads in BCC. We both use 0.98.4. We managed to run the same test with
> debug enabled.
> On his system he got:
>
> LibClamAV debug: Module STATS Off
> LibClamAV debug: pool memory used: 5.890 MB
> LibClamAV debug: No bytecodes loaded, not running builtin test
> LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> LibClamAV debug: Recognized Exim mail file
> LibClamAV debug: Starting cli_scanmail(), recursion = 1
> LibClamAV debug: in mbox() LibClamAV debug: in cli_magic_scandesc
> (reclevel: 1/16)
> ...
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Descriptor[6]: cli_scanraw error Can't allocate memory
> LibClamAV debug: cli_magic_scandesc: returning 20 at line 2893
>
> While on my system, where it works, I have a cache_check line in the first
> snippet, and no error in the second one:
>
> LibClamAV debug: Module STATS Off
> LibClamAV debug: pool memory used: 5.890 MB
> LibClamAV debug: No bytecodes loaded, not running builtin test
> LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> LibClamAV debug: Recognized Exim mail file
> LibClamAV debug: cache_check: 04d636c6846117fe44a898118e8cc7cb is negative
> LibClamAV debug: Starting cli_scanmail(), recursion = 1
> LibClamAV debug: in mbox()
> ...
> LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: cache_check: 7b3120d4da0fe032872cb109c65e76c5 is negative
> LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> LibClamAV debug: in cli_scanscript()
> LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> LibClamAV debug: cli_magic_scandesc: returning 0 at line 2973
>
> What does the absence of cache_check lines mean?
>
> The test was done on a tiny test database. My module is unable to load a
> real database on his system. cl_load returns CL_EMALFDB in that case.
> Yet, he runs clamd and clamscan without problems. He uses grsecurity.
> I only found this on the subject:
> http://lurker.clamav.net/message/20060619.021837.f9057bb8.en.html
>
> I searched clamscan sources for RLIMIT_AS or RLIMIT_DATA (clamd uses the
> latter). IME, ENOMEM is not always reported correctly, so I wonder if
> CL_EMEM is accurate in this case.
>
> Anyone saw this syndrome before?
>
> TIA
> Ale
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 4 Nov 2014 12:30:28 -0500
> From: Shawn Webb <[email protected]>
> To: ClamAV users ML <[email protected]>
> Subject: Re: [clamav-users] Error using libclamav (cli_scanraw error)
> Message-ID:
>     <CAO2uJafquRcvd1QhuCCwgOg1gAKaLCrMh=mvvwycrdrkej4...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Tue, Nov 4, 2014 at 12:27 PM, Alessandro Vesely <[email protected]> wrote:
>
> > Hi,
> > I use libclamav to have a mail filter scan mail. It works fine at mine.
> > However, I shared the code with someone and it doesn't work at his --he
> > reads in BCC. We both use 0.98.4. We managed to run the same test with
> > debug enabled. On his system he got:
> >
> > LibClamAV debug: Module STATS Off
> > LibClamAV debug: pool memory used: 5.890 MB
> > LibClamAV debug: No bytecodes loaded, not running builtin test
> > LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> > LibClamAV debug: Recognized Exim mail file
> > LibClamAV debug: Starting cli_scanmail(), recursion = 1
> > LibClamAV debug: in mbox() LibClamAV debug: in cli_magic_scandesc
> > (reclevel: 1/16)
> > ...
> > LibClamAV debug: Recognized ASCII text
> > LibClamAV debug: Descriptor[6]: cli_scanraw error Can't allocate memory
> > LibClamAV debug: cli_magic_scandesc: returning 20 at line 2893
> >
> > While on my system, where it works, I have a cache_check line in the first
> > snippet, and no error in the second one:
> >
> > LibClamAV debug: Module STATS Off
> > LibClamAV debug: pool memory used: 5.890 MB
> > LibClamAV debug: No bytecodes loaded, not running builtin test
> > LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> > LibClamAV debug: Recognized Exim mail file
> > LibClamAV debug: cache_check: 04d636c6846117fe44a898118e8cc7cb is
> > negative
> > LibClamAV debug: Starting cli_scanmail(), recursion = 1
> > LibClamAV debug: in mbox()
> > ...
> > LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
> > LibClamAV debug: Recognized ASCII text
> > LibClamAV debug: cache_check: 7b3120d4da0fe032872cb109c65e76c5 is
> > negative
> > LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> > LibClamAV debug: in cli_scanscript()
> > LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> > LibClamAV debug: cli_magic_scandesc: returning 0 at line 2973
> >
> > What does the absence of cache_check lines mean?
> >
> > The test was done on a tiny test database. My module is unable to load a
> > real database on his system. cl_load returns CL_EMALFDB in that case.
> > Yet, he runs clamd and clamscan without problems. He uses grsecurity.
> > I only found this on the subject:
> > http://lurker.clamav.net/message/20060619.021837.f9057bb8.en.html
> >
> > I searched clamscan sources for RLIMIT_AS or RLIMIT_DATA (clamd uses the
> > latter). IME, ENOMEM is not always reported correctly, so I wonder if
> > CL_EMEM is accurate in this case.
> >
> > Anyone saw this syndrome before?
> >
>
> You'll need to call cl_initialize_crypto() before calling cl_init(). This
> bug will be fixed in ClamAV 0.98.5 (not yet released, but we have an -rc1
> out) and forward.
>
> Thanks,
>
> Shawn
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 04 Nov 2014 20:45:43 +0100
> From: Alessandro Vesely <[email protected]>
> To: [email protected]
> Subject: Re: [clamav-users] Error using libclamav (cli_scanraw error)
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue 04/Nov/2014 18:30:28 +0100 Shawn Webb wrote:
> > On Tue, Nov 4, 2014 at 12:27 PM, Alessandro Vesely <[email protected]> wrote:
> >
> >> Hi,
> >> I use libclamav to have a mail filter scan mail. It works fine at mine.
> >> However, I shared the code with someone and it doesn't work at his --he
> >> reads in BCC. We both use 0.98.4. We managed to run the same test with
> >> debug enabled. On his system he got:
> >>
> >> LibClamAV debug: Module STATS Off
> >> LibClamAV debug: pool memory used: 5.890 MB
> >> LibClamAV debug: No bytecodes loaded, not running builtin test
> >> LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> >> LibClamAV debug: Recognized Exim mail file
> >> LibClamAV debug: Starting cli_scanmail(), recursion = 1
> >> LibClamAV debug: in mbox() LibClamAV debug: in cli_magic_scandesc
> >> (reclevel: 1/16)
> >> ...
> >> LibClamAV debug: Recognized ASCII text
> >> LibClamAV debug: Descriptor[6]: cli_scanraw error Can't allocate memory
> >> LibClamAV debug: cli_magic_scandesc: returning 20 at line 2893
> >>
> >> While on my system, where it works, I have a cache_check line in the first
> >> snippet, and no error in the second one:
> >>
> >> LibClamAV debug: Module STATS Off
> >> LibClamAV debug: pool memory used: 5.890 MB
> >> LibClamAV debug: No bytecodes loaded, not running builtin test
> >> LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
> >> LibClamAV debug: Recognized Exim mail file
> >> LibClamAV debug: cache_check: 04d636c6846117fe44a898118e8cc7cb is
> >> negative
> >> LibClamAV debug: Starting cli_scanmail(), recursion = 1
> >> LibClamAV debug: in mbox()
> >> ...
> >> LibClamAV debug: in cli_magic_scandesc (reclevel: 1/16)
> >> LibClamAV debug: Recognized ASCII text
> >> LibClamAV debug: cache_check: 7b3120d4da0fe032872cb109c65e76c5 is
> >> negative
> >> LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> >> LibClamAV debug: in cli_scanscript()
> >> LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
> >> LibClamAV debug: cli_magic_scandesc: returning 0 at line 2973
> >>
> >> What does the absence of cache_check lines mean?
> >>
> >> The test was done on a tiny test database. My module is unable to load a
> >> real database on his system. cl_load returns CL_EMALFDB in that case.
> >> Yet, he runs clamd and clamscan without problems. He uses grsecurity.
> >> I only found this on the subject:
> >> http://lurker.clamav.net/message/20060619.021837.f9057bb8.en.html
> >>
> >> I searched clamscan sources for RLIMIT_AS or RLIMIT_DATA (clamd uses the
> >> latter). IME, ENOMEM is not always reported correctly, so I wonder if
> >> CL_EMEM is accurate in this case.
> >>
> >> Anyone saw this syndrome before?
> >
> > You'll need to call cl_initialize_crypto() before calling cl_init(). This
> > bug will be fixed in ClamAV 0.98.5 (not yet released, but we have an -rc1
> > out) and forward.
>
> That was it! Thank you for your quick and precise reply.
> How come it works well at mine without calling cl_initialize_crypto()?
>
> For anyone using grsecurity, he reported he got this message:
> libClamAV: Bytecode: disabling JIT because PaX is preventing 'mprotect'
> access.
>
> Which he avoided by running:
> paxctl -cm /path/to/the/program/using/libclamav
>
> Ale
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 5 Nov 2014 07:17:56 +0000
> From: Mark Meelhuysen <[email protected]>
> To: ClamAV users ML <[email protected]>
> Subject: [clamav-users] MailScanner Incoming and Quarantine
>     Permissions change
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello All,
>
> I am quite new to MailScanner. After setting up some test-systems, I now have
> one running in production, in front of an Exchange 2013 box.
> All my minor problems were solved and I finally had a box running smoothly.
> But suddenly (after 3 weeks) my mailqueue starts growing after midnight and
> no mails are delivered. Research showed me that at a certain point
> permissions are changed from the /var/spool/MailScanner/incoming and
> /var/spool/MailScanner/quarantine directories, so that MailScanner is unable
> to make a new folder for that day.
>
> The permissions are changed as:
>
> drwxr-x--- 9 postfix root 4096 Nov 5 08:03 incoming
> drwxr-x--- 8 root apache 4096 Nov 5 07:56 quarantine
>
> They should be:
>
> drwxr-x--- 9 postfix postfix 4096 Nov 5 08:03 incoming
> drwxr-x--- 8 postfix apache 4096 Nov 5 07:56 quarantine
>
> This has happened for the last 3 nights now. I changed them back manually,
> but they seem to go back every day and I can't figure out when this happens
> and what makes it happen.
>
> Anybody any suggestions?
>
> Thank you in advance.
>
> Mark
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 5 Nov 2014 05:15:16 -0500
> From: Jerry <[email protected]>
> To: [email protected]
> Subject: Re: [clamav-users] MailScanner Incoming and Quarantine
>     Permissions change
> Message-ID: <20141105051516.21226569@scorpio>
> Content-Type: text/plain; charset=UTF-8
>
> On Wed, 5 Nov 2014 07:17:56 +0000, Mark Meelhuysen stated:
>
> > Hello All,
> >
> > I am quite new to MailScanner.
> > After setting up some test-systems, I now
> > have one running in production, in front of an Exchange 2013 box. All my
> > minor problems were solved and I finally had a box running smoothly. But
> > suddenly (after 3 weeks) my mailqueue starts growing after midnight and no
> > mails are delivered. Research showed me that at a certain point permissions
> > are changed from the /var/spool/MailScanner/incoming
> > and /var/spool/MailScanner/quarantine directories, so that MailScanner is
> > unable to make a new folder for that day.
> >
> > The permissions are changed as:
> >
> > drwxr-x--- 9 postfix root 4096 Nov 5 08:03 incoming
> > drwxr-x--- 8 root apache 4096 Nov 5 07:56 quarantine
> >
> > They should be:
> >
> > drwxr-x--- 9 postfix postfix 4096 Nov 5 08:03 incoming
> > drwxr-x--- 8 postfix apache 4096 Nov 5 07:56 quarantine
> >
> > This has happened for the last 3 nights now. I changed them back manually,
> > but they seem to go back every day and I can't figure out when this happens
> > and what makes it happen.
> >
> > Anybody any suggestions?
>
> From the Postfix Add-On Software page:
>
> mailscanner system, works with Postfix and other MTAs. WARNING: This software
> uses unsupported methods to manipulate Postfix queue files directly. This
> will result in corruption or loss of mail. The mailscanner authors have so far
> refused to discuss a proper access API or protocol.
>
> Personally, I believe that there are better methods of achieving what you
> desire. Personally, I use "amavis" <http://amavis.sourceforge.net/>.
>
> --
> Jerry
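
An added example, not part of the thread, for the MailScanner ownership problem in Message 4: a POSIX shell check, meant to run from cron every few minutes, that logs the moment either spool directory stops matching the owner and group Mark lists, which narrows down what runs at that time. The log path and the `run` argument are assumptions; `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not from the thread): report owner:group drift on the
# MailScanner spool directories so the time of the change can be pinned down.
# Expected values are the ones listed in Message 4.

SPEC='/var/spool/MailScanner/incoming postfix:postfix
/var/spool/MailScanner/quarantine postfix:apache'
LOG=${LOG:-/var/log/mailscanner-owner-drift.log}   # hypothetical log file

# owner_of PATH: print "user:group" of PATH, or "missing" if it cannot be read.
owner_of() {
    stat -c '%U:%G' "$1" 2>/dev/null || echo missing
}

# check_drift SPEC: SPEC holds "path owner:group" lines. Prints one timestamped
# line per mismatch and returns the number of mismatches (0 means no drift).
check_drift() {
    drift=0
    while read -r path want; do
        [ -n "$path" ] || continue
        have=$(owner_of "$path")
        if [ "$have" != "$want" ]; then
            printf '%s DRIFT %s want=%s have=%s\n' \
                "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$path" "$want" "$have"
            drift=$((drift + 1))
        fi
    done <<EOF
$1
EOF
    return "$drift"
}

# Cron entry point: "sh owner-drift.sh run" appends any drift lines to $LOG.
if [ "${1:-}" = run ]; then
    check_drift "$SPEC" >>"$LOG"
fi
```

An audit watch for attribute changes on the same paths (`auditctl -w /var/spool/MailScanner/incoming -p a -k ms-owner`, key name arbitrary) records the process that makes the change, where auditd is available.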
