[Clamav-users] Re: clamav-devel 20040213 for windows
I tried my build on non-cygwin Win2k's, and they have MD5 verification error too. I still can't figure out why Ignasi Pratt's build has handle_exceptions error though. Efectively I have no CYGWIN installed. I have not had time yet. All machines I tested had no CYGWIN installed. All crushed with MD5. Handle_exceptions apeared only on the binaries of precompiled CVS in clamav_devel_latest aproximately since 17th of February. Compilation of 14th has no Handle_exceptions. Only MD5 error probably on all non CYGWIN machines. Shouldn't we have to set a simple system variable on DOS ? Can people that have CYGWIN machines test if they have any line refering to CYGWIN when they type SET under a DOS box ? Best regards, Ignasi Prat --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Error Message
On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote: Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL What does the message mean and is there a configuration parameter I need to alter to avoid it? This sounds like an error thrown by sendmail even though sendmail makes it look like it came from clamav. Check your sendmail.mc file is correct. What operating system is this? What arguments are you using to call clamav-milter? Is clamd still running? (run ps -e | fgrep clamav, or ps -a | fgrep clamav according to your operating system). -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamav-devel 20040216 for windows
Hi everyone at Clamav: The today's CVS downloaded at http://clamav.or.id/ is does not give an MD5 verification error but gives this error: C:\clamav-devel-latest\binfreshclam -v Current working dir is /cygdrive/c/clamav-devel-latest/share/clamav Max retries == 3 ClamAV update process started at Mon Feb 16 09:56:21 2004 Connected to clamav.antispam.or.id (202.134.0.71). Reading CVD header (main.cvd): OK main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm) Connected to clamav.antispam.or.id (202.134.0.71). Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] 10 [main] freshclam 1856 handle_exceptions: Exception: STATUS_ILLEGAL_INSTR UCTION 7543 [main] freshclam 1856 open_stackdumpfile: Dumping stack trace to freshcl am.exe.stackdump C:\clamav-devel-latest\binfreshclam -V freshclam / ClamAV version devel-20040216 The same error is issued by clamscan and clamd: C:\clamav-devel-latest\binclamscan 11 [main] clamscan 804 handle_exceptions: Exception: STATUS_ILLEGAL_INSTRUC TION 2344 [main] clamscan 804 open_stackdumpfile: Dumping stack trace to clamscan. exe.stackdump C:\clamav-devel-latest\binclamd 11 [main] clamd 1724 handle_exceptions: Exception: STATUS_ILLEGAL_INSTRUCTI ON 2660 [main] clamd 1724 open_stackdumpfile: Dumping stack trace to clamd.exe.s tackdump Probably this error is only issued with non instaleld CYGWIN machines. Could anyone check this assumption ? Keep up the good job ! Best regards, Ignasi Prat --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: clamav-devel 20040213 for windows
Ignasi Prat wrote: I tried my build on non-cygwin Win2k's, and they have MD5 verification error too. Efectively I have *no CYGWIN installed.* I have not had time yet. All machines I tested had no CYGWIN installed. All crushed with MD5. Just as I thought. ANyway, the developers seems to have fixed this by adding O_BINARY (again) for Cygwin build only. As usual, you can get my precompiled daily build on www.clamav.or.id. Tested it earlier, and it works fine. Handle_exceptions apeared only on the binaries of *precompiled* CVS in clamav_devel_latest aproximately since 17th of February. Meaning you use my build? How odd. With or without cygwin, I never get THAT error. Regards, Fajar A. Nugraha --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamscan -m segfault , possibly a big problem
On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote: [...] --- SCAN SUMMARY --- Known viruses: 41374 ^ You've got some superfluous database files. There are only 20718 signatures currently. Maybe you've got old format database files left. You should remove needless files from database directory not only because they unnecessarily use more memory, but also because after we remove any possible false positive signature from current database, you'll still have it in your setup, which may cause false alarms. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
On Monday 16 February 2004 1:43 am, Muhamad Soleh Fajari wrote: Peter Bonivart wrote: Mário Luis Ghoneim wrote: What does it means? It means it can't check the digital signatures. It downloads the updates anyway but you can't be sure they have not been compromised. How can I to solve it? Download GMP here: http://www.swox.com/gmp how about if I am not install GMP ?, must i install gmp ? what's the impact if i'm not install it ? If you don't install it then you won't be able to verify digital signatures, and you will get a warning message from freshclam. The anti-virus scanning will still work as normal, you just can't be sure your AV database is genuine. Regards, Antony. -- Software development can be quick, high quality, or low cost. The customer gets to pick any two out of three. Please reply to the list; please don't CC me. --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56alloc_id438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-devel 20040216 for windows
Ignasi Prat wrote: Hi everyone at Clamav: The today's CVS downloaded at http://clamav.or.id/ is does not give an MD5 verification error but gives this error: Seems I replied your previous post too early :) C:\clamav-devel-latest\binfreshclam -v [snip] STATUS_ILLEGAL_INSTR UCTION 7543 [main] freshclam 1856 open_stackdumpfile: Dumping stack trace to freshcl am.exe.stackdump [snip] The same error is issued by clamscan and clamd: [snip] Probably this error is only issued with non instaleld CYGWIN machines. Could anyone check this assumption ? At least I know that this error is NOT because you don't have cygwin installed. C:\clamav-devel-latestbin\freshclam ClamAV update process started at Mon Feb 16 16:40:06 2004 Reading CVD header (main.cvd): OK Downloading main.cvd [*] main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] daily.cvd updated (version: 130, sigs: 731, f-level: 1, builder: ccordes) Database updated (20718 signatures) from clamav.antispam.or.id (202.134.0.71). connect(): Connection refused ERROR: Can't connect to clamd. C:\clamav-devel-latestbin\clamscan share\clamav\test share\clamav\test/debugm.c: OK share\clamav\test/rarfail.rar: RAR module failure. share\clamav\test/rarfail.rar: OK share\clamav\test/README: OK share\clamav\test/test1: ClamAV-Test-Signature FOUND share\clamav\test/test1.bz2: ClamAV-Test-Signature FOUND share\clamav\test/test2.badext: ClamAV-Test-Signature FOUND share\clamav\test/test2.zip: ClamAV-Test-Signature FOUND share\clamav\test/test3.rar: ClamAV-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 20718 Scanned directories: 1 Scanned files: 8 Infected files: 5 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.592 sec (0 m 0 s) C:\clamav-devel-latestbin\clamscan -V clamscan / ClamAV version devel-20040216 This is on W2K, Sp4, no Cygwin. Again, have you tried it in other machines? Regards, Fajar A. Nugraha --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Segmentation fault clamav clamav-milter
On Sun, 2004-02-15 at 21:47, Patrik wrote: Running clamav and clamav-milter on linux: ClamAV version devel-20040210, clamav-milter version 0.66m We're having lots of mails out and in from server everyday but we're not really able to trust clamd because it quits randomly. clamd.log says: Thu Feb 12 13:16:46 2004 - Session 1 stopped due to timeout. Thu Feb 12 13:31:36 2004 - stream: Worm.SCO.A FOUND Thu Feb 12 13:31:37 2004 - stream: Worm.SCO.A FOUND Thu Feb 12 13:37:30 2004 - Segmentation fault :-( Bye.. It doesnt start itself again and the mail doesnt leave or arrive from/to server. At this time clamav-milter also quits. Looks like known clamd broken behaviour. Hopefully the new version of clamd will get committed to CVS today. -trog signature.asc Description: This is a digitally signed message part
Re: [Clamav-users] Error Message
On Mon, 16 Feb 2004, Nigel Horne wrote: ; On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote: ; ; Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL ; What does the message mean and is ; there a configuration parameter I need to alter to avoid it? ; ; This sounds like an error thrown by sendmail even though sendmail makes it ; look like it came from clamav. Check your sendmail.mc file is correct. This is a message from libmilter which means that the milter returned from cb_eom or that the milter context session terminated in some other way but that the context private data was not NULL - so it's a problem in the milter somewhere - probably just a condition where clamfi_cleanup isn't called. The warning is just to let you know that there's a memory leak. (While I'm looking, there are also a few places where memory can leak in clamfi_envfrom. It mallocs the private data structure then can return without freeing it or assigning it to the session context, so it will never be cleaned up. It just needs a few free(privdata) calls before the 'return cl_error' lines.) Andy --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Clamscan -m segfault , possibly a big problem
Tomasz Papszun wrote: On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote: [...] --- SCAN SUMMARY --- Known viruses: 41374 ^ You've got some superfluous database files. There are only 20718 signatures currently. Maybe you've got old format database files left. You should remove needless files from database directory not only because they unnecessarily use more memory, but also because after we remove any possible false positive signature from current database, you'll still have it in your setup, which may cause false alarms. Of course, that;s unrelated to the (no longer a-) problem, but I was under the impression that if the new database mirrors were hosed and my cvd's became corrupt, it might be helpful to retain the old viruses.db files. I have no lack of Ram or cpu time on these servers - is this really a concern? I've seen a few repsones to various issues with the cvd files saying that the old databses should be retained. Bad info? --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Clamscan -m segfault , possibly a big problem
On Mon, 16 Feb 2004 at 3:10:48 -0700, Starbane wrote: Tomasz Papszun wrote: On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote: --- SCAN SUMMARY --- Known viruses: 41374 ^ You've got some superfluous database files. There are only 20718 signatures currently. Maybe you've got old format database files left. You should remove needless files from database directory not only because they unnecessarily use more memory, but also because after we remove any possible false positive signature from current database, you'll still have it in your setup, which may cause false alarms. Of course, that;s unrelated to the (no longer a-) problem, but I was Of course. I just forgot to add BTW in my message. under the impression that if the new database mirrors were hosed and my Why would they? :-) In fact, new database mirrors are much better. cvd's became corrupt, it might be helpful to retain the old viruses.db files. I have no lack of Ram or cpu time on these servers - is this really a concern? Probably not. Just possible old false positive alarms can happen. I've seen a few repsones to various issues with the cvd files saying that the old databses should be retained. Bad info? I think so. I don't remember such advices. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: clamav-devel 20040216 for windows
Seems I replied your previous post too early :) Using your daily CVS's since last week. :D C:\clamav-devel-latest\binfreshclam -v [snip] STATUS_ILLEGAL_INSTR UCTION 7543 [main] freshclam 1856 open_stackdumpfile: Dumping stack trace to freshcl am.exe.stackdump [snip] The same error is issued by clamscan and clamd: [snip] This is on W2K, Sp4, no Cygwin. Again, have you tried it in other machines? Confirmed Fajar, there is no relation between Cygwin and new Errors: 5 machines tested by now and only one succeded, all other 4 failed. The only one working is a Pentium 4 2666MHz with Windows Server 2003. All other machines are failing with: P2-300 Win2000Pro P3-500 Win2000Pro P2-333 WinXPPro P2-333 WinXPPro And issue diferent line number (I thought it could be the line number but not) on each test (even in the same machine). Don't see any apreciable diference except speed (don't think so) or system (but you are working under WinXP). All folders shared to everyone to avoid conflicts, but the only computer working is the least shared (because it was the server it was shared only to admin and a special user). Tell me if I can do any further log's or tests. Best regards, Ignasi Prat --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Freshclam checks.
Hi, I'm running freshcam in daemon mode and cheking for updates 2 times at day. I have seen in the log file that it is doing the check every 2 hours istead of 2 times at day. I launch the daemon this way: /internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l /internet/ClamAV/log/freshclam.log What am I doing wrong ? Greetings. --- Carles Xavier Munyoz Baldó [EMAIL PROTECTED] http://www.unlimitedmail.net/ --- --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56alloc_id438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] help required with out of memory error
Hi, I've had spam assassin running with sendmail perfectly well for ages now. I then thought I'd add in clamav using the the defaults (if it isn't bust, don't fix it). Environment being run in is: Solaris 8 (intel) Sendmail 8.12.9 Spam Assassin 2.61 clamav 0.66 gcc 3.2.2 I have tried gcc 2.95 also clamav 0.54, 0.60 (couldn't get 0.54 to see any milters) However, any emails coming in or out, seem to freak out sendmail and spam assassin, here are the lines from a startup (please note that starting sendmail first or last makes no difference). /etc/init.d/virusClam start -n Starting clamav: LibClamAV debug: Loading databases from /opt/share/clamav LibClamAV debug: Loading /opt/share/clamav/main.cvd LibClamAV debug: /opt/share/clamav/main.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 46b4b24055925f69a6d5d7802dbd1479 LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /var/tmp//f3f2ef5a26039f0e/COPYING LibClamAV debug: Unpacking /var/tmp//f3f2ef5a26039f0e/viruses.db LibClamAV debug: Loading databases from /var/tmp//f3f2ef5a26039f0e LibClamAV debug: Loading /var/tmp//f3f2ef5a26039f0e/viruses.db LibClamAV debug: Initializing trie. LibClamAV debug: Loading /opt/share/clamav/daily.cvd LibClamAV debug: /opt/share/clamav/daily.cvd: CVD file detected LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 005bfd46ade752d83cf3179a2c711d8b LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /var/tmp//28e07b8bd9f4611e/COPYING LibClamAV debug: Unpacking /var/tmp//28e07b8bd9f4611e/viruses.db2 LibClamAV debug: Loading databases from /var/tmp//28e07b8bd9f4611e LibClamAV debug: Loading /var/tmp//28e07b8bd9f4611e/viruses.db2 ./testSendmailIn [EMAIL PROTECTED] Connecting to localhost.nomadsoft.co.uk. via relay... 421 4.0.0 out of memory: Not enough space QUIT [EMAIL PROTECTED] Deferred: 421 4.0.0 out of memory: Not enough space Closing connection to localhost.nomadsoft.co.uk. /etc/init.d/virusClam stop -n Shutting down clamav: cheers --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam checks.
On Mon, 16 Feb 2004 at 13:38:27 +0100, Carles Xavier Munyoz Baldó wrote: Hi, I'm running freshcam in daemon mode and cheking for updates 2 times at day. I have seen in the log file that it is doing the check every 2 hours istead of 2 times at day. I launch the daemon this way: /internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l /internet/ClamAV/log/freshclam.log What am I doing wrong ? Maybe you have also a cronjob which executes freshclam? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam checks.
On Mon, 16 Feb 2004 13:38:27 +0100 Carles Xavier Munyoz Bald [EMAIL PROTECTED] wrote: Hi, I'm running freshcam in daemon mode and cheking for updates 2 times at day. I have seen in the log file that it is doing the check every 2 hours istead of 2 times at day. I launch the daemon this way: /internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l /internet/ClamAV/log/freshclam.log What am I doing wrong ? It seems freshclam is more responsible than you ;-) Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Feb 16 14:37:50 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] Freshclam checks.
On Mon, 16 Feb 2004, Tomasz Papszun wrote: On Mon, 16 Feb 2004 at 13:38:27 +0100, Carles Xavier Munyoz Baldó wrote: Hi, I'm running freshcam in daemon mode and cheking for updates 2 times at day. I have seen in the log file that it is doing the check every 2 hours istead of 2 times at day. I launch the daemon this way: /internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l /internet/ClamAV/log/freshclam.log What am I doing wrong ? Check for a freshclam.conf file and check the settings there. Usually found in an /etc or /usr/local/etc directory. Tom --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56alloc_id438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-devel-20040215 : automake build error on Fedora Core 1
On Mon, 16 Feb 2004 13:24:55 +0700 Fajar A. Nugraha [EMAIL PROTECTED] wrote: automake-1.6 --gnu Makefile aclocal.m4:4200: version mismatch. This is Automake 1.6.3, but aclocal.m4 aclocal.m4:4200: was generated for Automake 1.6.1. You should recreate aclocal.m4:4200: aclocal.m4 with aclocal and run automake again. make: *** [Makefile.in] Error 1 Fixed Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Feb 16 14:15:28 CET 2004 pgp0.pgp Description: PGP signature
[Clamav-users] Upgrading to ClamAV 0.67 from 0.65
I installed 0.65 on a RH9 system using the source install (as opposed to the RPM) and I now want to upgrade to 0.67 using the same method. What is the proper way to do this? Is there and uninstall/upgrade method for doing this? Or, do I just download it, un-tar the 0.67 files then run: $ ./configure --sysconfdir=/etc $ make $ su -c make install I seem to recall that someone had asked this, but cannot find it in the list. If I do have to un-install the 0.65 install, how do I go about this? I am used to working with RPM binaries, but I want to get into installing from source files instead to get a better idea of the installation process. Any help would be appreciated Regards, Craig D. -- -- Craig Daters ([EMAIL PROTECTED]) Systems Administrator West Press Printing 1663 West Grant Road Tucson, Arizona 85745-1433 Tel: 520-624-4939 Fax: 520-624-2715 www.westpress.com -- --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Implementation Questions
I have installed ClamAV friday and have it successfully tagging viruses e-mail with a header, but am wondering how people have actually stoped the message that has a virus attached. It seems to me like the easiest way would be to just not devilver any mail that has a header saying it has a virus. Although this would work I would rather send the recipient of the letter a message saying that someone tried to send them a message, but it had a virus so it was stopped. I am curious to know how some of you have this setup. Any input would be appreciated. I am currently running clamav via procmail. Josh
Re: [Clamav-users] Implementation Questions
On Monday 16 February 2004 3:27 pm, Spam wrote: I have installed ClamAV friday and have it successfully tagging viruses e-mail with a header, but am wondering how people have actually stoped the message that has a virus attached. It seems to me like the easiest way would be to just not devilver any mail that has a header saying it has a virus. Although this would work I would rather send the recipient of the letter a message saying that someone tried to send them a message, but it had a virus so it was stopped. I am curious to know how some of you have this setup. Any input would be appreciated. I run MailScanner http://www.mailscanner.info as a wrapper to ClamAV and SpamAssassin (it can also handle many other A-V engines, and does further tests checks of its own), and I find this a very good solution to handling email. Regards, Antony. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? Please reply to the list; please don't CC me. --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65
On Mon, 16 Feb 2004, Craig Daters wrote: I installed 0.65 on a RH9 system using the source install (as opposed to the RPM) and I now want to upgrade to 0.67 using the same method. What is the proper way to do this? Is there and uninstall/upgrade method for doing this? Or, do I just download it, un-tar the 0.67 files then run: $ ./configure --sysconfdir=/etc $ make $ su -c make install I seem to recall that someone had asked this, but cannot find it in the list. If I do have to un-install the 0.65 install, how do I go about this? I am used to working with RPM binaries, but I want to get into installing from source files instead to get a better idea of the installation process. Any help would be appreciated Here's what I do personally which seems to work great; I'm using Slackware Linux, and I build ClamAV from source. But, I don't want to just do make install as that leaves me with the responsabillity to manually clean out old versions by hand etc. So what I do instead is use checkinstall. checkinstall is a tool that'll monitor an installation done by make install and then it'll build a package for your distribution that you can later uninstall or upgrade with your distributions standard tools. checkinstall can build both Slackware packages, RPMs, Debian .deb packages etc. Here's an example of how I do it (you would ofcourse use rpm in place of my use of slackwares installpkg/removepkg/upgradepkg tools). ; First I configure clamav-0.65 $ ./configure with whatever options I want to use ; then I build it $ make ; then we change to the root user to install/build package $ su ; then we run checkinstall (which then runs 'make install' and monitor it) # checkinstall -S ; the -S option tells checkinstall to build a Slackware package, ; you'd ofcourse want to build a RedHat one ; you can run checkinstall without any options and it will ask ; what distribution to build a package for ; now, after checkinstall finishes I'm left with a Slackware package ; named clamav-0.65-i486-01.tgz which I can then install # installpkg clamav-0.65-i486-01.tgz ; Now that was pretty easy... ; if I want to remove clam again I can now simply run # removepkg clamav-0.65-i486-01 ; just as with any other package Now, let's assume I have 0.65 installed as pr the instructions above and I download 0.67 and want to upgrade. Then I'd first build 0.67 *just like* I did with the 0.65 version above. This time I'l be left with a package called clamav-0.67-i486-01.tgz , and to upgrade I only have to run # upgradepkg clamav-0.67-i486-01.tgz And the magic happens :-) Same thing with RedHat, except you'd use rpm -i etc to install/remove/upgrade the generated packages. You can find checkinstall here : http://asic-linux.com.mx/~izto/checkinstall/index.php I'm personally using the latest checkinstall-1.6.0beta3 version which works like a charm. You should read the very informative README file here : http://asic-linux.com.mx/~izto/checkinstall/docs/README If you want all the details, but simple usage like above should do you just fine in most cases. In my oppinion checkinstall is a life saver when doing a lot of source installs of software. Kind regards, Jesper Juhl --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Implementation Questions
MailScanner at http://www.mailscanner.info does this quite nicely! It is easy to install and get up and running. I have installed ClamAV friday and have it successfully tagging viruses e-mail with a header, but am wondering how people have actually stoped the message that has a virus attached. It seems to me like the easiest way would be to just not devilver any mail that has a header saying it has a virus. Although this would work I would rather send the recipient of the letter a message saying that someone tried to send them a message, but it had a virus so it was stopped. I am curious to know how some of you have this setup. Any input would be appreciated. I am currently running clamav via procmail. Josh -- -- Craig Daters ([EMAIL PROTECTED]) Systems Administrator West Press Printing 1663 West Grant Road Tucson, Arizona 85745-1433 Tel: 520-624-4939 Fax: 520-624-2715 www.westpress.com -- --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: help required with out of memory error
HELP! Just in case it was down to the version of clamAV I was running, I just upgraded to the latest version (0.67-1) and I get the same errors: ./testSendmailIn [EMAIL PROTECTED] Connecting to localhost.nomadsoft.co.uk. via relay... 421 4.0.0 out of memory: Not enough space QUIT [EMAIL PROTECTED] Deferred: 421 4.0.0 out of memory: Not enough space Closing connection to localhost.nomadsoft.co.uk. from my mail log: Feb 16 15:56:03 giggs spamass-milter[25751]: [ID 718232 mail.error] spamass-milter 0.2.0+cvs starting Feb 16 15:56:06 giggs sm-mta[25761]: [ID 702911 mail.info] starting daemon (8.12.9): [EMAIL PROTECTED]:05:00 Feb 16 15:56:06 giggs sm-mta[25762]: [ID 801593 mail.info] i1GFt5w8025637: to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (0/1), delay=00:01:01, xdelay=00:00:00, mailer=relay, pri=120373, relay=mail.uk.nomadsoft.com. [192.168.2.4], dsn=2.0.0, stat=Sent (Message accepted for delivery) Feb 16 15:56:13 giggs.nomadsoft.co.uk spamd[25758]: server started on port 783/tcp (running version 2.61) Feb 16 15:56:32 giggs sendmail[25773]: [ID 801593 mail.info] i1GFuWTb025773: from=jwalton, size=89, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] Feb 16 15:56:32 giggs sm-mta[25774]: [ID 801593 mail.alert] i1GFuWxJ025774: SYSERR(root): out of memory: Not enough space Feb 16 15:56:32 giggs spamass-milter[25751]: [ID 275715 mail.error] NULL context in mlfi_close! Should not happen! Feb 16 15:56:32 giggs sendmail[25773]: [ID 801593 mail.info] i1GFuWTb025773: [EMAIL PROTECTED], ctladdr=jwalton (10754/10860), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30081, relay=localhost.nomadsoft.co.uk. [IPv6:::1], dsn=4.0.0, stat=Deferred: 421 4.0.0 out of memory: Not enough space giggs:/giggs/scripts# from the clamAV log: Mon Feb 16 15:55:36 2004 - +++ Started at Mon Feb 16 15:55:36 2004 Mon Feb 16 15:55:36 2004 - Log file size limited to 1048576 bytes. Mon Feb 16 15:55:36 2004 - Verbose logging activated. Mon Feb 16 15:55:36 2004 - Running as user clamav (UID 30002, GID 30002) Mon Feb 16 15:55:36 2004 - Reading databases from /opt/share/clamav Mon Feb 16 15:55:39 2004 - Protecting against 20718 viruses. Mon Feb 16 15:55:40 2004 - Unix socket file /var/run/clamav/clamav.sock Mon Feb 16 15:55:40 2004 - Setting connection queue length to 15 Mon Feb 16 15:55:40 2004 - Listening daemon: PID: 25666 Mon Feb 16 15:55:40 2004 - Maximal number of threads: 5 Mon Feb 16 15:55:40 2004 - Archive: Archived file size limit set to 10485760 bytes. Mon Feb 16 15:55:40 2004 - Archive: Recursion level limit set to 5. Mon Feb 16 15:55:40 2004 - Archive: Files limit set to 1000. Mon Feb 16 15:55:40 2004 - Archive: Compression ratio limit set to 200. Mon Feb 16 15:55:40 2004 - Archive support enabled. Mon Feb 16 15:55:40 2004 - RAR support enabled. Mon Feb 16 15:55:40 2004 - Mail files support enabled. Mon Feb 16 15:55:40 2004 - Self checking every 3600 seconds. Mon Feb 16 15:55:40 2004 - Timeout set to 180 seconds. Mon Feb 16 15:55:40 2004 - SelfCheck: Database status OK. Mon Feb 16 15:55:40 2004 - SelfCheck: Integrity OK many thanks for any help given --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Implementation Questions
On Monday 16 February 2004 10:27, Spam wrote: I have installed ClamAV friday and have it successfully tagging viruses e-mail with a header, but am wondering how people have actually stoped the message that has a virus attached. It seems to me like the easiest way would be to just not devilver any mail that has a header saying it has a virus. Although this would work I would rather send the recipient of the letter a message saying that someone tried to send them a message, but it had a virus so it was stopped. I am curious to know how some of you have this setup. Any input would be appreciated. I am currently running clamav via procmail. There are a few good open-source virus scanners out there for *nix, mostly written in perl. Mailscanner (http://www.mailscanner.info) is a good one that integrates really well with sendmail. Amavis (http://www.amavis.org) is another that works great with many MTA's (most notably Postfix). These are both full-fledged virus scanners that can use ClamAV and run with the MTA to tag/quarantine/block/filter viruses and spam (usually with Spamassassin). Both Mailscanner and Amavis have configuration options that will send notifications to the sender/recipient and/or an administrator. A procmail recipe could do the same, you may want to check out the procmail defanger (http://www.impsec.org/email-tools/procmail-security.html) -- -- Matt K. Best [EMAIL PROTECTED] --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65
* Craig Daters [EMAIL PROTECTED] [20040216 18:37]: wrote: I installed 0.65 on a RH9 system using the source install (as opposed to the RPM) and I now want to upgrade to 0.67 using the same method. What is the proper way to do this? Is there and uninstall/upgrade method for doing this? Or, do I just download it, un-tar the 0.67 files then run: $ ./configure --sysconfdir=/etc I do the same, but I am particular about the options I pass to configure. $ make Me does that too. $ su -c make install Yeah. I seem to recall that someone had asked this, but cannot find it in the list. Since I mostly use CVS code, I always seem to need to delete the old clamav libs before the new source code compiles. If I do have to un-install the 0.65 install, how do I go about this? These files will be overwritten by the new ones, I believe, so no need to do unistall. I am used to working with RPM binaries, but I want to get into installing from source files instead to get a better idea of the installation process. You are on the right path, but again, I am not that familiar with the way linux works. If the last time you installed it did not complain about any missing libs, then it should be fine this time round. cheers - wash +--+-+ Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) | wash at wananchi dot com . 1ere Etage, Loita Hse, Loita St., | GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI | GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 | +-+--+ Oh My God! They killed init! You Bastards! --from a /. post --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65
Thanks Jesper, I'll check it out. Here's what I do personally which seems to work great; I'm using Slackware Linux, and I build ClamAV from source. But, I don't want to just do make install as that leaves me with the responsabillity to manually clean out old versions by hand etc. So what I do instead is use checkinstall. checkinstall is a tool that'll monitor an installation done by make install and then it'll build a package for your distribution that you can later uninstall or upgrade with your distributions standard tools. checkinstall can build both Slackware packages, RPMs, Debian .deb packages etc. Here's an example of how I do it (you would ofcourse use rpm in place of my use of slackwares installpkg/removepkg/upgradepkg tools). ; First I configure clamav-0.65 $ ./configure with whatever options I want to use ; then I build it $ make ; then we change to the root user to install/build package $ su ; then we run checkinstall (which then runs 'make install' and monitor it) # checkinstall -S ; the -S option tells checkinstall to build a Slackware package, ; you'd ofcourse want to build a RedHat one ; you can run checkinstall without any options and it will ask ; what distribution to build a package for ; now, after checkinstall finishes I'm left with a Slackware package ; named clamav-0.65-i486-01.tgz which I can then install # installpkg clamav-0.65-i486-01.tgz ; Now that was pretty easy... ; if I want to remove clam again I can now simply run # removepkg clamav-0.65-i486-01 ; just as with any other package Now, let's assume I have 0.65 installed as pr the instructions above and I download 0.67 and want to upgrade. Then I'd first build 0.67 *just like* I did with the 0.65 version above. This time I'l be left with a package called clamav-0.67-i486-01.tgz , and to upgrade I only have to run # upgradepkg clamav-0.67-i486-01.tgz And the magic happens :-) Same thing with RedHat, except you'd use rpm -i etc to install/remove/upgrade the generated packages. You can find checkinstall here : http://asic-linux.com.mx/~izto/checkinstall/index.php I'm personally using the latest checkinstall-1.6.0beta3 version which works like a charm. You should read the very informative README file here : http://asic-linux.com.mx/~izto/checkinstall/docs/README If you want all the details, but simple usage like above should do you just fine in most cases. In my oppinion checkinstall is a life saver when doing a lot of source installs of software. Kind regards, Jesper Juhl -- -- Craig Daters ([EMAIL PROTECTED]) Systems Administrator West Press Printing 1663 West Grant Road Tucson, Arizona 85745-1433 Tel: 520-624-4939 Fax: 520-624-2715 www.westpress.com -- --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Database initialize error
After installing ClamAV on OS X 1.3.2 (client with XTools), I am getting the following error when I try to run the application: [chadwick:/usr/local/bin] root# /usr/local/sbin/clamd LibClamAV debug: Loading databases from /var/clamav_db ERROR: Database initialization error. There is an empty directory /var/clamav_db. Where should the database be and how do I get it in there? --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65
$ ./configure --sysconfdir=/etc I do the same, but I am particular about the options I pass to configure. What kind of options are you particular about? Should I be particular about them too? -- -- Craig Daters ([EMAIL PROTECTED]) Systems Administrator West Press Printing 1663 West Grant Road Tucson, Arizona 85745-1433 Tel: 520-624-4939 Fax: 520-624-2715 www.westpress.com -- --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Database initialize error
On Monday 16 February 2004 4:46 pm, Chadwick Wachs wrote: After installing ClamAV on OS X 1.3.2 (client with XTools), I am getting the following error when I try to run the application: [chadwick:/usr/local/bin] root# /usr/local/sbin/clamd LibClamAV debug: Loading databases from /var/clamav_db ERROR: Database initialization error. There is an empty directory /var/clamav_db. Where should the database be and how do I get it in there? On Linux systems at least, the database files live in /usr/local/share/clamav and you update them by running freshclam. Regards, Antony. -- There's no such thing as bad weather - only the wrong clothes. - Billy Connolly Please reply to the list; please don't CC me. --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Implementation Questions
On Mon, 2004-02-16 at 10:27, Spam wrote: I have installed ClamAV friday and have it successfully tagging viruses e-mail with a header, but am wondering how people have actually stoped the message that has a virus attached. You want to run ClamAV at SMTP time and stop the virus before your system accepts it and has to decide what to do with it then. Otherwise, you *could* have your procmail recipe just drop virus msgs on the floor, but that's not as nice IMO. I run Exim+Exiscan and deny immediately at SMTP time. There are other setups that will do the same. It seems to me like the easiest way would be to just not devilver any mail that has a header saying it has a virus. Although this would work I would rather send the recipient of the letter a message saying that someone tried to send them a message, but it had a virus so it was stopped. I am curious to know how some of you have this setup. Any input would be appreciated. Ahspam your usersgood idea :) Consider that most viruses these days spoof the sender address and the mail is not legitimate (i.e. not sent by a live person with actual content that the recipients want). All you will do is confuse your users and/or annoy the hell out of them. I am currently running clamav via procmail. Josh -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Database initialize error
On Mon, 16 Feb 2004 at 9:46:48 -0700, Chadwick Wachs wrote: After installing ClamAV on OS X 1.3.2 (client with XTools), I am getting the following error when I try to run the application: [chadwick:/usr/local/bin] root# /usr/local/sbin/clamd LibClamAV debug: Loading databases from /var/clamav_db ERROR: Database initialization error. There is an empty directory /var/clamav_db. Where should the database be and how do I get it in there? Database files should be in the directory configured with DataDirectory directive. One must run freshclam after installing ClamAV. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Error Message
On Feb 16, 2004, at 00:34, Nigel Horne wrote: On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote: Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL What does the message mean and is there a configuration parameter I need to alter to avoid it? This sounds like an error thrown by sendmail even though sendmail makes it look like it came from clamav. Check your sendmail.mc file is correct. What operating system is this? FreeBSD 4.6 What arguments are you using to call clamav-milter? /usr/local/sbin/clamav-milter -f -q --quarantine-dir=/var/clamav Is clamd still running? (run ps -e | fgrep clamav, or ps -a | fgrep clamav according to your operating system). Yes it continues to run, however, after a few of those messages it quits scanning new messages and I start getting timeout messages. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users -- Doug --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Error Message
On Feb 16, 2004, at 01:52, Andy Fiddaman wrote: On Mon, 16 Feb 2004, Nigel Horne wrote: ; On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote: ; ; Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL ; What does the message mean and is ; there a configuration parameter I need to alter to avoid it? ; ; This sounds like an error thrown by sendmail even though sendmail makes it ; look like it came from clamav. Check your sendmail.mc file is correct. This is a message from libmilter which means that the milter returned from cb_eom or that the milter context session terminated in some other way but that the context private data was not NULL - so it's a problem in the milter somewhere - probably just a condition where clamfi_cleanup isn't called. The warning is just to let you know that there's a memory leak. Thanks. I found the message in libmilter. I suspect this may be the reason that I periodically run out of memory. Occasionally sendmail completely loses all ability to function and I get a large string of out of memory errors from it (malloc unable to allocate). I have to restart sendmail, clamd, and clamav-milter to get things going again. (While I'm looking, there are also a few places where memory can leak in clamfi_envfrom. It mallocs the private data structure then can return without freeing it or assigning it to the session context, so it will never be cleaned up. It just needs a few free(privdata) calls before the 'return cl_error' lines.) Andy --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users -- Doug --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Problem scanning ZIP archives with clamdscan and not clamscan
I've encounted this problem: clamscan will scan zip files and detect a virus. clamdscan will not. clamdscan part.1.body.zip /tmp/part.1.body.zip: OK --- SCAN SUMMARY --- Infected files: 0 clamscan part.1.body.zip --- SCAN SUMMARY --- part.1.body.zip: Worm.Gibe.F FOUND Infected files: 1 I'm using clamav 0.65-3 for debian. This was all run from the command line on a zipped virus file. -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Implementation Questions
Antony Stone mailto:[EMAIL PROTECTED] wrote: I run MailScanner http://www.mailscanner.info as a wrapper to ClamAV and SpamAssassin (it can also handle many other A-V engines, and does further tests checks of its own), and I find this a very good solution to handling email. I recently moved to MailScanner as well after discovering that I would not be able to use the clamav-milter given the special circumstances involved here. Wow. I'm really, really happy with it. It has one of the best install scripts I've ever seen for unix. It took a while to get it configured because it is *very* configurable. -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Implementation Questions
On Monday, February 16, 2004 10:27 AM [EST], Spam [EMAIL PROTECTED] wrote: I have installed ClamAV friday and have it successfully tagging viruses e-mail with a header, but am wondering how people have actually stoped the message that has a virus attached. It seems to me like the easiest way would be to just not devilver any mail that has a header saying it has a virus. Although this would work I would rather send the recipient of the letter a message saying that someone tried to send them a message, but it had a virus so it was stopped. I am curious to know how some of you have this setup. Any input would be appreciated. I am currently running clamav via procmail. I use exim 4.30 with the exiscan/local_scan patches which integrate clamav directly into exim. Works like a charm and stops a good portion of the viruses (still some MyDoom viruses getting through, not sure why). -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] feature request in virusdb ml
Hi, I would like to have information obout the severity/frequence of viruses add in the mailing list. It should be nice to know when a virus added is very dangerous and that an update is required urgently. At least add the information provided during submission about frequency of the virus. Thanks for the work of all the team. Your job is really appreciated. Regards. --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] freshclam update rate
I searched the archives, but didn't see an answer so pardon me if it's a FAQ. How often is it reasonable to call freshclam (either from cron or in daemon mode) to check for new virusdb updates? Obviously there's a tradeoff between detecting fast spreading viruses like MyDoom and overloading the db servers. Is once an hour too often? Once every 3-4 hours? -Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: clamav-devel 20040213 for windows
Date: Mon, 16 Feb 2004 16:15:58 +0700 From: Fajar A. Nugraha [EMAIL PROTECTED] Subject: Re: [Clamav-users] Re: clamav-devel 20040213 for windows Just as I thought. ANyway, the developers seems to have fixed this by adding O_BINARY (again) for Cygwin build only. As usual, you can get my precompiled daily build on www.clamav.or.id. Tested it earlier, and it works fine. In this your clamav/Windows build there is fixed 'MD5 problem', but seems not fixed temporary file creation error in mbox.c: this version failed to recognize most of real viruses. Here is result of small check on virus archive - found only 26 viruses from 179. --- SCAN SUMMARY --- Known viruses: 20724 Scanned directories: 1 Scanned files: 179 Infected files: 26 Data scanned: 55.32 MB I/O buffer size: 131072 bytes Time: 31.360 sec (0 m 31 s) Fajar, the right version of mbox.c is 1.40 and 1.42-44. 1.41 - wrong. The fixed version (posted to ftp://bitrix.eserv.ru/download/clamav1.rar 11.Feb.2004) works on any windows (with or w/o cygwin installed, not depends of LF/CRLF cygwin settings), clamDscan not inserts /cygdrive/, detects all viruses in virus archive, could be installed in any directory... --- SCAN SUMMARY --- Infected files: 179 Time: 70.156 sec (1 m 10 s) --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update rate
Bill Randle wrote the following on 02/16/2004 10:12 PM : I searched the archives, but didn't see an answer so pardon me if it's a FAQ. How often is it reasonable to call freshclam (either from cron or in daemon mode) to check for new virusdb updates? Obviously there's a tradeoff between detecting fast spreading viruses like MyDoom and overloading the db servers. Is once an hour too often? Once every 3-4 hours? Once an hour is fine, but if you use crontab please add a once randomly chosen sleep between 0 and 3599 second before launching freshclam. As lots of people using crontab put something like 0 * * * * ... The database mirrors have huge peaks of bandwidth usage each hour (and what's not good for the mirrors isn't good for the virus db availability). Something like : # echo $[ $RANDOM % 3600 ] 0 * * * * sleep value_given_above; freshclam --quiet Best regards, -- Lionel Bouton - inet6 - o Siege social: 51, rue de Verdun - 92158 Suresnes / _ __ _ Acces Bureaux: 33 rue Benoit Malon - 92150 Suresnes / /\ /_ / /_ France \/ \/_ / /_/ Tel. +33 (0) 1 41 44 85 36 Inetsys S.A.Fax +33 (0) 1 46 97 20 10 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: clamav-devel 20040213 for windows
Brian Bruns wrote: BTW, the only reason why we are putting out our own build (not to compete with you obviously) Obviously :) My builds are mainly for testing purposes; thus it is based on daily CVS snapshot. is because we are trying to eventually release a 'quality assured' version of clamav (if you could call it that), sorta like what ActiveState does with Perl. The idea being that once things are stabilized and we have clamav-win32 working like we want to, we are going to release 'stable' builds based on the most current version of clamav. Great ! We do the same thing with ircII EPIC4 For Windows and have had pretty good success. My hope is, that eventually, we might be able to create a native version of clamav for windows which does not require the cygwin layer, and would be able to compete directly with Norton AV or McAffee. That would be nice. What would be even better if you could come up with some kind of on-access scanning mechanism. Sort of clamuko-win32. I've got some of my internal developers tinkering with the code right now to see if we can do it easily or if we are out of our league. Naturally, any changes we make will obviously be contributed back :-) Again, great ! Regards, Fajar A. Nugraha --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] W32.Welchia.Worm
On Mon, 2004-02-16 at 14:49, Patricia Viana wrote: OK, it does some damage. like installing a small web server and overwriting html files for a screwed up page But after all, it does install some fixes and tries to remove the worms MyDoom.A and MyDoom.B!! It's probably the product of a pissed-off sysadmin... I once considered writing an Outlook virus that would set the Outlook settings to something secure and forward itself to everyone in your address book. I decided not to because of the risk of getting lynched -- and because I would have actually had to use Outlook meself As someone else mentioned, one of the big problems with Welchia is that it disrupts the network at least as much as msblast. I'd much rather have a Nessus plugin that would exploit the vulnerability to install the patch, but do nothing else. That way, I could auto-patch machines from my desk by merely lifting a finger over my left mouse button. :-)~ -Luke -- Luke Scharf, Systems Administrator Virginia Tech Aerospace and Ocean Engineering --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] TNEF?
Just curious... I have all these Outlook users who claim they need TNEF files to not be blocked anymore, does clamav directly un-encode them for scanning, or do I need to get a perl module or external executable? Thanks, Tommy PS: building this on Solaris is making me pull hair out.. more later :) -- Tommy McNeely - [EMAIL PROTECTED] Unix Administrator - Electro Domestico --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update rate
On Mon, 2004-02-16 at 16:35, Lionel Bouton wrote: Once an hour is fine, but if you use crontab please add a once randomly chosen sleep between 0 and 3599 second before launching freshclam. As lots of people using crontab put something like 0 * * * * ... The database mirrors have huge peaks of bandwidth usage each hour (and what's not good for the mirrors isn't good for the virus db availability). Something like : # echo $[ $RANDOM % 3600 ] 0 * * * * sleep value_given_above; freshclam --quiet Why didn't I think of that?!? :-) To add more randomness, I did it like so (on a Linux box where bash is always available): SHELL=/bin/bash 0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet This does seem more polite than hitting it hard, right on the hour. -Luke -- Luke Scharf, Systems Administrator Virginia Tech Aerospace and Ocean Engineering --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problems after freshclam
Hello, Have you fixed the Dazuko support yet? I have not seen any message in this list saying that it has been fixed. I just installed v0.66 today when I enabled ClamukoScanOnLine I get the following error message ERROR: Parse error at line 190: Unknown option ClamukoScanOnLine. ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf --Lloyd Lloyd Albin [EMAIL PROTECTED] --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update rate
On Mon, 2004-02-16 at 15:11, Luke Scharf wrote: On Mon, 2004-02-16 at 16:35, Lionel Bouton wrote: Once an hour is fine, but if you use crontab please add a once randomly chosen sleep between 0 and 3599 second before launching freshclam. As lots of people using crontab put something like 0 * * * * ... The database mirrors have huge peaks of bandwidth usage each hour (and what's not good for the mirrors isn't good for the virus db availability). Something like : # echo $[ $RANDOM % 3600 ] 0 * * * * sleep value_given_above; freshclam --quiet Why didn't I think of that?!? :-) To add more randomness, I did it like so (on a Linux box where bash is always available): SHELL=/bin/bash 0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet This does seem more polite than hitting it hard, right on the hour. Excellent ideas! I will implement Luke's version. -Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update rate
Luke Scharf said: This does seem more polite than hitting it hard, right on the hour. -Luke -- Luke Scharf, Systems Administrator Virginia Tech Aerospace and Ocean Engineering If you use freshclam as a daemon, you don't have to worry about this as it randomizes it? -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] feature request in virusdb ml
On Monday 16 February 2004 8:54 pm, Cedric Foll wrote: Hi, I would like to have information obout the severity/frequence of viruses add in the mailing list. It should be nice to know when a virus added is very dangerous and that an update is required urgently. At least add the information provided during submission about frequency of the virus. It is very difficult to tell how dangerous or severe a virus is, and therefore how urgent the update is, until it's really too late. How do you define dangerous? How quickly the virus spreads? Or what damage it does when it arrives? Either way, I'd prefer to get a quick signature for anything nasty rather than request the signature-creators spend extra time assessing the risk associated with a particular piece of code. I think most people attitude will be: If it's a virus, give me a signature quick! I don't care how bad the virus is - I just want protection from it. Regards, Antony. -- Never write it in Perl if you can do it in Awk. Never do it in Awk if sed can handle it. Never use sed when tr can do the job. Never invoke tr when cat is sufficient. Avoid using cat whenever possible. Please reply to the list; please don't CC me. --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] New user--- Frashclam error
Anyone have any ideas what I'm doing wrong? C:\clamav-devel\binfreshclamClamAV update process started at Mon Feb 16 20:00:41 2004Reading CVD header (main.cvd): OKmain.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)Reading CVD header (daily.cvd): OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification error.Trying again...ClamAV update process started at Mon Feb 16 20:00:44 2004Reading CVD header (main.cvd): OKmain.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)Reading CVD header (daily.cvd): OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification error.Trying again...ClamAV update process started at Mon Feb 16 20:00:45 2004Reading CVD header (main.cvd): OKmain.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)Reading CVD header (daily.cvd): OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification error.Giving up... Thanks Dave
Re: [Clamav-users] W32.Welchia.Worm
On Mon, 2004-02-16 at 14:49, Patricia Viana wrote: Could this be considered a well-intended virus?!?! I work for a school system with about 2000 computers on our network. Welchia Shut down our network for 4 days until we perfected a way to squash it. (Norton was no help at all BTW) Personally I work like to wrap my hands around the person that wrote this well-intended worm. There is no such thing as a good worm or virus. -- Russel Oliver [EMAIL PROTECTED] --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Re: making clamav on solaris {Scanned}
On Sun, 08 Feb 2004 15:34:01 +, Andy Fiddaman wrote: Probably worth mentioning at this point that the 'whoami' utility isn't standard in core solaris either, that needs the SUNWscpu (SunOS 4.x compatibility utilities) - who am i | awk '{print$1}' does the same though. Andy [EMAIL PROTECTED] clamav-0.67]# who am i tommy pts/2Jan 29 14:56(pickles) [EMAIL PROTECTED] clamav-0.67]# /usr/ucb/whoami root Just thought I would mention that whoami and who am i are not quite the same... its better to do something like id | grep -c root .. but even that can be thrown off Tommy --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Re: making clamav on solaris {Scanned}
As a caveat, sometimes the 'who am i' will return something more along the lines of: username!host pts. such that the awk solution may or may not work... Might think to awk or cut the line, and then a sed to be sure to get just the username... Carl On Mon, 16 Feb 2004, Tommy McNeely wrote: On Sun, 08 Feb 2004 15:34:01 +, Andy Fiddaman wrote: Probably worth mentioning at this point that the 'whoami' utility isn't standard in core solaris either, that needs the SUNWscpu (SunOS 4.x compatibility utilities) - who am i | awk '{print$1}' does the same though. Andy [EMAIL PROTECTED] clamav-0.67]# who am i tommy pts/2Jan 29 14:56(pickles) [EMAIL PROTECTED] clamav-0.67]# /usr/ucb/whoami root Just thought I would mention that whoami and who am i are not quite the same... its better to do something like id | grep -c root .. but even that can be thrown off Tommy --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users - -- There are 10 types of people in the world: Those who understand binary and those that don't. $whoami: Carl Holtje $mail holtje: [EMAIL PROTECTED] $cu: http://www.cs.rit.edu/~cwh0803 $whois holtje: System Administrator Group Computer Science Department Rochester Institute of Technology $ --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Clamav false positive?
Firstly, I'd like to say thank you for such a useful utility. My question concerns scanning a Windows partition from a Linux partition on the same drive. Running Clamav 0.65-3 on Debian based Libranet, scanned a WinME partition and came up with the report that FunLove.4099 had been found in several drivers (LAN I think). Looking through the files with MC turned up the text '~Fun Loving Criminal~' several times in each one. File creation date the same for each, August 13 2000. Why I'm unsure is that my free Windows anti-virus program never detected it. But I was unsure and downloaded the Symantec cleaning tool. It didn't find anything. Is there some inherent risk for false positives with scanning Windows from Linux? Thank you. Sam Miller --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65
* Craig Daters [EMAIL PROTECTED] [20040216 21:11]: wrote: $ ./configure --sysconfdir=/etc I do the same, but I am particular about the options I pass to configure. What kind of options are you particular about? Should I be particular about them too? ./configure --disable-clamav --enable-bigstack --with-group=mail \ --disable-clamuko --with-user=exim You can see what they do by doing ./configure --help | more cheers - wash +--+-+ Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) | wash at wananchi dot com . 1ere Etage, Loita Hse, Loita St., | GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI | GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 | +-+--+ Oh My God! They killed init! You Bastards! --from a /. post --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: TNEF?
Tommy McNeely wrote: Just curious... I have all these Outlook users who claim they need TNEF files to not be blocked anymore, does clamav directly un-encode them for scanning, or do I need to get a perl module or external executable? Ask your Outlook users what they think the TNEF attachments do, because AFAIK, the only thing it's good for is distributing information they never intended to send. Outlook can be configured not to bother with TNEF, though it is not by default (naturally). Most non-Microsoft clients cannot decode TNEF, and will not bother. If they change their default format to (yuck) HTML, then they will get all the formatting they like in a generally portable manner. Winmail.dat attachments are dropped at many gateways, in any case. Sorry, this does nothing to help you, I just felt like ranting about yet another annoyance of using proprietary crap like Outlook. --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Implementation Questions
Brian Bruns wrote: I use exim 4.30 with the exiscan/local_scan patches Hey, another thing we share in common! which integrate clamav directly into exim. Works like a charm Very true! It can reject virus right at SMTP time, AND with less CPU load than those perl-scanners too :) and stops a good portion of the viruses (still some MyDoom viruses getting through, not sure why). In my case, sometimes it's because I get can't connect to /tmp/clamd errors. I have another ClamAV at the real mailserver (not exim), so I can simply let all mail pass thru when this error happens on exim/exiscan. I tag emails with warn during virus checks, not with a deny so that mail processing continue even if clamd fails. How do you setup yours? Regards, Fajar A. Nugraha --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New user--- Frashclam error
isp-lists [at] beachcomp.com wrote: Anyone have any ideas what I'm doing wrong? You're not doing anything wrong. It's a known problem with older ClamAV on Win32 machines without Cygwin. C:\*clamav-devel*\binfreshclam I assume you're using Brian Burns' build from www.sosdg.org ? Newer CVS snapshot don't have this problem anymore. You could build your own, or wait till Brian releases another build, or use my build on clamav.or.id. Regards, Fajar A. Nugraha --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update rate
Lucas Albers wrote the following on 02/17/2004 01:17 AM : Luke Scharf said: This does seem more polite than hitting it hard, right on the hour. -Luke -- Luke Scharf, Systems Administrator Virginia Tech Aerospace and Ocean Engineering If you use freshclam as a daemon, you don't have to worry about this as it randomizes it? Yes But in the crontab case be aware that the mean time between updates in : 0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet is 3600s, but between 2 updates the delay can be anywhere between 1 and 7199s. Computing $RANDOM doesn't bring anything to the overall distribution quality too. -- Lionel Bouton - inet6 - o Siege social: 51, rue de Verdun - 92158 Suresnes / _ __ _ Acces Bureaux: 33 rue Benoit Malon - 92150 Suresnes / /\ /_ / /_ France \/ \/_ / /_/ Tel. +33 (0) 1 41 44 85 36 Inetsys S.A.Fax +33 (0) 1 46 97 20 10 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users