On 18.02.2009 22:57, Stephen Gran wrote:
> This one time, at band camp, Mikolaj Menke said:
>> Very often clamdscan fails to connect to clamd giving false sense of
>> security, as nothing is reported, even when the scanned data is infected.
> 
> st...@vancouver:~$ clamdscan bin/
> connect(): Connection refused
> WARNING: Can't connect to clamd.
> 
> I can't reproduce this description of how it works.
> 
>> This also causes other problems, for example with exim4, because when it
>> encounters this problem it temporarily rejects the message. I could not
>> find any relevant data either in the logs or in the verbose output of
>> clamdscan. The only interesting thing is in exim4's log:
>>
>> 2009-02-17 18:37:49 1LZTtF-0007M6-1a malware acl condition: clamd: \
>> unable to write to socket (Broken pipe)
> 
> Well, that's the opposite of what's described above, surely?  That's
> exim noticing that clamd has gone away and not giving a false sense of
> security?

That's exim saying it has a problem with clamd. Obviously in this case 
there is no false sense of security. But running clamdscan as at the 
bottom of this message might be much worse, as nothing is reported.

> I am going to suppose that what this bug report is really about is that
> sometimes clamd is unavailable, and things go wrong, although I can't
> reproduce the first example and the second example looks like everything
> being handled as it should.

Yes, sometimes clamd is unavailable. The second example just shows that 
exim handles clamd's error, but the problem is still there.

> Can you quantify "very often" ? I certainly don't see it that often,
> but if you do, there's probably something we should be chasing down.

How often? Just look below:

m...@menek(23:35:13)~$clamdscan /usr/local/share/eicar/eicar.com
/usr/local/share/eicar/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.023 sec (0 m 0 s)
m...@menek(23:35:28)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:28)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:29)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:29)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:30)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:30)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:30)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:31)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:32)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:32)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:32)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:33)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:33)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:34)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:34)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:34)~$clamdscan /usr/local/share/eicar/eicar.com
m...@menek(23:35:35)~$clamdscan /usr/local/share/eicar/eicar.com
/usr/local/share/eicar/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.012 sec (0 m 0 s)
m...@menek(23:35:35)~$

Thanks for your great job!

-- 
http://miki.menek.one.pl [email protected]
Gadu-gadu: 2128279 Mobile: +48607345846



_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
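
The silent runs in the transcript above are the case a calling script has to guard against. The following wrapper is an added example, not part of the original thread or of the ClamAV packaging: it accepts a file as clean only when clamdscan both exits 0 and prints a summary with zero infected files, and treats an empty run as an error. The `SCANNER` variable and the function names are assumptions of this example, and it assumes default output (no `--quiet` or `--no-summary`).

```shell
#!/bin/sh
# Added example: fail-closed handling of a single clamdscan run.
# SCANNER is a hook of this example (not a clamdscan feature) so the logic
# can be exercised without a running clamd.
SCANNER="${SCANNER:-clamdscan}"

# classify_scan EXIT_CODE OUTPUT -> prints CLEAN, INFECTED or ERROR.
# Documented clamdscan exit codes: 0 = no virus, 1 = virus found, 2 = error.
classify_scan() {
    case $1 in
        0) ;;                          # needs confirmation from the output
        1) echo INFECTED; return 0 ;;
        *) echo ERROR; return 0 ;;
    esac
    # Exit code 0 alone is not trusted: a run that printed nothing, like the
    # silent runs in the transcript, must not be read as "clean".
    case $2 in
        *FOUND*)                echo INFECTED ;;
        *"Infected files: 0"*)  echo CLEAN ;;
        *)                      echo ERROR ;;
    esac
}

# scan_file PATH [ATTEMPTS]: retry only ERROR results; an ERROR that
# persists is reported as ERROR, never downgraded to CLEAN.
scan_file() {
    tries=${2:-3}
    verdict=ERROR
    while [ "$tries" -gt 0 ]; do
        # "&& ... ||" keeps the exit code without tripping `set -e`
        out=$("$SCANNER" "$1" 2>&1) && rc=0 || rc=$?
        verdict=$(classify_scan "$rc" "$out")
        [ "$verdict" = ERROR ] || break
        tries=$((tries - 1))
    done
    echo "$verdict"
}

# Stand-alone use: ./scan.sh /path/to/file [attempts]
if [ "$#" -gt 0 ]; then
    scan_file "$@"
fi
```

A caller such as a mail filter should accept the message only on `CLEAN` and defer or quarantine on `ERROR`.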
