[Clamav-users] Re: clamav-devel 20040213 for windows

2004-02-16 Thread Ignasi Prat 
 I tried my build on non-cygwin Win2k's, and they have MD5 verification
 error too.
 I still can't figure out why Ignasi Pratt's build has handle_exceptions
 error though.

Efectively I have no CYGWIN installed. I have not had time yet. All machines
I tested had no CYGWIN installed. All crushed with MD5.

Handle_exceptions apeared only on the binaries of precompiled CVS in
clamav_devel_latest aproximately since 17th of February.

Compilation of 14th has no Handle_exceptions. Only MD5 error probably on all
non CYGWIN machines.

Shouldn't we have to set a simple system variable on DOS ?

Can people that have CYGWIN machines test if they have any line refering to
CYGWIN when they type SET under a DOS box ?

Best regards,

 Ignasi Prat





---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Error Message

2004-02-16 Thread Nigel Horne 
On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote:

 Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL
  What does the message mean and is
 there a configuration parameter I need to alter to avoid it?

This sounds like an error thrown by sendmail even though sendmail makes it
look like it came from clamav. Check your sendmail.mc file is correct.

What operating system is this?
What arguments are you using to call clamav-milter?
Is clamd still running? (run ps -e | fgrep clamav, or ps -a | fgrep clamav according 
to your operating system).

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamav-devel 20040216 for windows

2004-02-16 Thread Ignasi Prat 
Hi everyone at Clamav:

The today's CVS downloaded at http://clamav.or.id/ is does not give an MD5
verification error but gives this error:

C:\clamav-devel-latest\binfreshclam -v
Current working dir is /cygdrive/c/clamav-devel-latest/share/clamav
Max retries == 3
ClamAV update process started at Mon Feb 16 09:56:21 2004
Connected to clamav.antispam.or.id (202.134.0.71).
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Connected to clamav.antispam.or.id (202.134.0.71).
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
 10 [main] freshclam 1856 handle_exceptions: Exception:
STATUS_ILLEGAL_INSTR
UCTION
   7543 [main] freshclam 1856 open_stackdumpfile: Dumping stack trace to
freshcl
am.exe.stackdump

C:\clamav-devel-latest\binfreshclam -V
freshclam / ClamAV version devel-20040216

The same error is issued by clamscan and clamd:

C:\clamav-devel-latest\binclamscan
 11 [main] clamscan 804 handle_exceptions: Exception:
STATUS_ILLEGAL_INSTRUC
TION
   2344 [main] clamscan 804 open_stackdumpfile: Dumping stack trace to
clamscan.
exe.stackdump

C:\clamav-devel-latest\binclamd
 11 [main] clamd 1724 handle_exceptions: Exception:
STATUS_ILLEGAL_INSTRUCTI
ON
   2660 [main] clamd 1724 open_stackdumpfile: Dumping stack trace to
clamd.exe.s
tackdump

Probably this error is only issued with non instaleld CYGWIN machines. Could
anyone check this assumption ?

Keep up the good job ! Best regards,

 Ignasi Prat





---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: clamav-devel 20040213 for windows

2004-02-16 Thread Fajar A. Nugraha 
Ignasi Prat wrote:

I tried my build on non-cygwin Win2k's, and they have MD5 verification
error too.
   

Efectively I have *no CYGWIN installed.* I have not had time yet. All machines
I tested had no CYGWIN installed. All crushed with MD5.
 

Just as I thought. ANyway, the developers seems to have fixed this by 
adding O_BINARY (again) for Cygwin build only.
As usual, you can get my precompiled daily build on www.clamav.or.id.
Tested it earlier, and it works fine.

Handle_exceptions apeared only on the binaries of *precompiled* CVS in
clamav_devel_latest aproximately since 17th of February.
 

Meaning you use my build? How odd. With or without cygwin, I never get 
THAT error.

Regards,

Fajar A. Nugraha

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamscan -m segfault , possibly a big problem

2004-02-16 Thread Tomasz Papszun 
On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote:
[...]
 --- SCAN SUMMARY ---
 Known viruses: 41374
 ^
You've got some superfluous database files.
There are only 20718 signatures currently.

Maybe you've got old format database files left. You should remove
needless files from database directory not only because they
unnecessarily use more memory, but also because after we remove any
possible false positive signature from current database, you'll still
have it in your setup, which may cause false alarms.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES

2004-02-16 Thread Antony Stone 
On Monday 16 February 2004 1:43 am, Muhamad Soleh Fajari wrote:

 Peter Bonivart wrote:
  Mário Luis Ghoneim wrote:
  What does it means?
 
  It means it can't check the digital signatures. It downloads the
  updates anyway but you can't be sure they have not been compromised.
 
  How can I to solve it?
 
  Download GMP here: http://www.swox.com/gmp

 how about if I am not install GMP ?, must i install gmp ? what's the impact
 if i'm not install it ?

If you don't install it then you won't be able to verify digital signatures, 
and you will get a warning message from freshclam.   The anti-virus scanning 
will still work as normal, you just can't be sure your AV database is 
genuine.

Regards,

Antony.

-- 
Software development can be quick, high quality, or low cost.

The customer gets to pick any two out of three.

 Please reply to the list;
   please don't CC me.



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav-devel 20040216 for windows

2004-02-16 Thread Fajar A. Nugraha 
Ignasi Prat wrote:

Hi everyone at Clamav:

The today's CVS downloaded at http://clamav.or.id/ is does not give an MD5
verification error but gives this error:
 

Seems I replied your previous post too early :)

C:\clamav-devel-latest\binfreshclam -v
[snip]
STATUS_ILLEGAL_INSTR
UCTION
  7543 [main] freshclam 1856 open_stackdumpfile: Dumping stack trace to
freshcl
am.exe.stackdump
[snip]
 


The same error is issued by clamscan and clamd:

[snip]


Probably this error is only issued with non instaleld CYGWIN machines. Could
anyone check this assumption ?
 

At least I know that this error is NOT because you don't have cygwin 
installed.

C:\clamav-devel-latestbin\freshclam
ClamAV update process started at Mon Feb 16 16:40:06 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 130, sigs: 731, f-level: 1, builder: ccordes)
Database updated (20718 signatures) from clamav.antispam.or.id 
(202.134.0.71).
connect(): Connection refused
ERROR: Can't connect to clamd.

C:\clamav-devel-latestbin\clamscan share\clamav\test
share\clamav\test/debugm.c: OK
share\clamav\test/rarfail.rar: RAR module failure.
share\clamav\test/rarfail.rar: OK
share\clamav\test/README: OK
share\clamav\test/test1: ClamAV-Test-Signature FOUND
share\clamav\test/test1.bz2: ClamAV-Test-Signature FOUND
share\clamav\test/test2.badext: ClamAV-Test-Signature FOUND
share\clamav\test/test2.zip: ClamAV-Test-Signature FOUND
share\clamav\test/test3.rar: ClamAV-Test-Signature FOUND
--- SCAN SUMMARY ---
Known viruses: 20718
Scanned directories: 1
Scanned files: 8
Infected files: 5
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.592 sec (0 m 0 s)
C:\clamav-devel-latestbin\clamscan -V
clamscan / ClamAV version devel-20040216
This is on W2K, Sp4, no Cygwin.
Again, have you tried it in other machines?
Regards,

Fajar A. Nugraha

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Segmentation fault clamav clamav-milter

2004-02-16 Thread Trog 
On Sun, 2004-02-15 at 21:47, Patrik wrote:
 Running clamav and clamav-milter on linux:
 ClamAV version devel-20040210, clamav-milter version 0.66m
 We're having lots of mails out and in from server everyday but we're
 not really able to trust clamd because it quits randomly.
 clamd.log says:
 
 Thu Feb 12 13:16:46 2004 - Session 1 stopped due to timeout.
 Thu Feb 12 13:31:36 2004 - stream: Worm.SCO.A FOUND
 Thu Feb 12 13:31:37 2004 - stream: Worm.SCO.A FOUND
 Thu Feb 12 13:37:30 2004 - Segmentation fault :-( Bye..
 
 It doesnt start itself again and the mail doesnt leave or arrive from/to
 server.
 At this time clamav-milter also quits.
 

Looks like known clamd broken behaviour. Hopefully the new version of
clamd will get committed to CVS today.

-trog



signature.asc
Description: This is a digitally signed message part

Re: [Clamav-users] Error Message

2004-02-16 Thread Andy Fiddaman 


On Mon, 16 Feb 2004, Nigel Horne wrote:

; On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote:
;
;  Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL
;   What does the message mean and is
;  there a configuration parameter I need to alter to avoid it?
;
; This sounds like an error thrown by sendmail even though sendmail makes it
; look like it came from clamav. Check your sendmail.mc file is correct.

This is a message from libmilter which means that the milter returned from
cb_eom or that the milter context session terminated in some other way but
that the context private data was not NULL - so it's a problem in the
milter somewhere - probably just a condition where clamfi_cleanup isn't
called. The warning is just to let you know that there's a memory leak.

(While I'm looking, there are also a few places where memory can leak in
clamfi_envfrom. It mallocs the private data structure then can return
without freeing it or assigning it to the session context, so it will
never be cleaned up. It just needs a few free(privdata) calls before the
'return cl_error' lines.)

Andy


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: Clamscan -m segfault , possibly a big problem

2004-02-16 Thread Starbane 
Tomasz Papszun wrote:
On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote:
[...]
--- SCAN SUMMARY ---
Known viruses: 41374
 ^
You've got some superfluous database files.
There are only 20718 signatures currently.
Maybe you've got old format database files left. You should remove
needless files from database directory not only because they
unnecessarily use more memory, but also because after we remove any
possible false positive signature from current database, you'll still
have it in your setup, which may cause false alarms.
Of course, that;s unrelated to the (no longer a-) problem, but I was 
under the impression that if the new database mirrors were hosed and my 
cvd's became corrupt, it might be helpful to retain the old viruses.db 
files.

I have no lack of Ram or  cpu time on these servers - is this really a 
concern?  I've seen a few repsones to various issues with the cvd files 
saying that the old databses should be retained.  Bad info?



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Clamscan -m segfault , possibly a big problem

2004-02-16 Thread Tomasz Papszun 
On Mon, 16 Feb 2004 at  3:10:48 -0700, Starbane wrote:
 Tomasz Papszun wrote:
 On Sun, 15 Feb 2004 at 22:34:09 -0700, Starbane wrote:
 --- SCAN SUMMARY ---
 Known viruses: 41374
  ^
 You've got some superfluous database files.
 There are only 20718 signatures currently.
 
 Maybe you've got old format database files left. You should remove
 needless files from database directory not only because they
 unnecessarily use more memory, but also because after we remove any
 possible false positive signature from current database, you'll still
 have it in your setup, which may cause false alarms.
 
 
 Of course, that;s unrelated to the (no longer a-) problem, but I was 

Of course. I just forgot to add BTW in my message.

 under the impression that if the new database mirrors were hosed and my 

Why would they? :-)  In fact, new database mirrors are much better.

 cvd's became corrupt, it might be helpful to retain the old viruses.db 
 files.
 
 I have no lack of Ram or  cpu time on these servers - is this really a 
 concern?  

Probably not. Just possible old false positive alarms can happen.

 I've seen a few repsones to various issues with the cvd files 
 saying that the old databses should be retained.  Bad info?

I think so. I don't remember such advices.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: clamav-devel 20040216 for windows

2004-02-16 Thread Ignasi Prat 
 Seems I replied your previous post too early :)

Using your daily CVS's since last week. :D

 C:\clamav-devel-latest\binfreshclam -v
 [snip]
 
 STATUS_ILLEGAL_INSTR
 UCTION
7543 [main] freshclam 1856 open_stackdumpfile: Dumping stack trace to
 freshcl
 am.exe.stackdump
 [snip]
 
 

 The same error is issued by clamscan and clamd:
 
 [snip]
 

This is on W2K, Sp4, no Cygwin.
 Again, have you tried it in other machines?

Confirmed Fajar, there is no relation between Cygwin and new Errors:

5 machines tested by now and only one succeded, all other 4 failed.

The only one working is a Pentium 4 2666MHz with Windows Server 2003.

All other machines are failing with:

P2-300 Win2000Pro
P3-500 Win2000Pro
P2-333 WinXPPro
P2-333 WinXPPro

And issue diferent line number (I thought it could be the line number but
not) on each test (even in the same machine).

Don't see any apreciable diference except speed (don't think so) or system
(but you are working under WinXP). All folders shared to everyone to avoid
conflicts, but the only computer working is the least shared (because it was
the server it was shared only to admin and a special user).

Tell me if I can do any further log's or tests.

Best regards,

 Ignasi Prat





---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Freshclam checks.

2004-02-16 Thread Carles Xavier Munyoz Bald 
Hi,
I'm running freshcam in daemon mode and cheking for updates 2 times at day.
I have seen in the log file that it is doing the check every 2 hours istead of 
2 times at day.

I launch the daemon this way:
/internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l 
/internet/ClamAV/log/freshclam.log

What am I doing wrong ?

Greetings.
---
Carles Xavier Munyoz Baldó
[EMAIL PROTECTED]
http://www.unlimitedmail.net/
---



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] help required with out of memory error

2004-02-16 Thread jason . walton 
Hi,
I've had spam assassin running with sendmail perfectly well for ages now. 
I then thought I'd add in clamav using the the defaults (if it isn't bust, 
don't fix it).
Environment being run in is:
Solaris 8 (intel)
Sendmail 8.12.9
Spam Assassin 2.61
clamav 0.66
gcc 3.2.2

I have tried gcc 2.95 also clamav 0.54, 0.60 (couldn't get 0.54 to see any 
milters)

However, any emails coming in or out, seem to freak out sendmail and spam 
assassin, here are the lines from a startup (please note that starting 
sendmail first or last makes no difference).


/etc/init.d/virusClam start 
-n Starting clamav: 
LibClamAV debug: Loading databases from /opt/share/clamav 
LibClamAV debug: Loading /opt/share/clamav/main.cvd 
LibClamAV debug: /opt/share/clamav/main.cvd: CVD file detected 
LibClamAV debug: in cli_cvdload() 
LibClamAV debug: MD5(.tar.gz) = 46b4b24055925f69a6d5d7802dbd1479 
LibClamAV debug: in cli_untgz() 
LibClamAV debug: Unpacking /var/tmp//f3f2ef5a26039f0e/COPYING 
LibClamAV debug: Unpacking /var/tmp//f3f2ef5a26039f0e/viruses.db 
LibClamAV debug: Loading databases from /var/tmp//f3f2ef5a26039f0e 
LibClamAV debug: Loading /var/tmp//f3f2ef5a26039f0e/viruses.db 
LibClamAV debug: Initializing trie. 
LibClamAV debug: Loading /opt/share/clamav/daily.cvd 
LibClamAV debug: /opt/share/clamav/daily.cvd: CVD file detected 
LibClamAV debug: in cli_cvdload() 
LibClamAV debug: MD5(.tar.gz) = 005bfd46ade752d83cf3179a2c711d8b 
LibClamAV debug: in cli_untgz() 
LibClamAV debug: Unpacking /var/tmp//28e07b8bd9f4611e/COPYING 
LibClamAV debug: Unpacking /var/tmp//28e07b8bd9f4611e/viruses.db2 
LibClamAV debug: Loading databases from /var/tmp//28e07b8bd9f4611e 
LibClamAV debug: Loading /var/tmp//28e07b8bd9f4611e/viruses.db2 


./testSendmailIn 
[EMAIL PROTECTED] Connecting to localhost.nomadsoft.co.uk. via 
relay... 
421 4.0.0 out of memory: Not enough space 
 QUIT 
[EMAIL PROTECTED] Deferred: 421 4.0.0 out of memory: Not 
enough space 
Closing connection to localhost.nomadsoft.co.uk. 


/etc/init.d/virusClam stop 
-n Shutting down clamav: 


cheers



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam checks.

2004-02-16 Thread Tomasz Papszun 
On Mon, 16 Feb 2004 at 13:38:27 +0100, Carles Xavier Munyoz Baldó wrote:
 Hi,
 I'm running freshcam in daemon mode and cheking for updates 2 times at day.
 I have seen in the log file that it is doing the check every 2 hours istead of 
 2 times at day.
 
 I launch the daemon this way:
 /internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l 
 /internet/ClamAV/log/freshclam.log
 
 What am I doing wrong ?

Maybe you have also a cronjob which executes freshclam?

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam checks.

2004-02-16 Thread Tomasz Kojm 
On Mon, 16 Feb 2004 13:38:27 +0100
Carles Xavier Munyoz Bald [EMAIL PROTECTED] wrote:

 Hi,
 I'm running freshcam in daemon mode and cheking for updates 2 times at
 day. I have seen in the log file that it is doing the check every 2
 hours istead of 2 times at day.
 
 I launch the daemon this way:
 /internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l 
 /internet/ClamAV/log/freshclam.log
 
 What am I doing wrong ?

It seems freshclam is more responsible than you ;-)

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Mon Feb 16 14:37:50 CET 2004


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] Freshclam checks.

2004-02-16 Thread Tom Gwilt 
On Mon, 16 Feb 2004, Tomasz Papszun wrote:

 On Mon, 16 Feb 2004 at 13:38:27 +0100, Carles Xavier Munyoz Baldó wrote:
  Hi,
  I'm running freshcam in daemon mode and cheking for updates 2 times at day.
  I have seen in the log file that it is doing the check every 2 hours istead of 
  2 times at day.
  
  I launch the daemon this way:
  /internet/ClamAV/bin/freshclam -d --checks=2 --quiet -l 
  /internet/ClamAV/log/freshclam.log
  
  What am I doing wrong ?

Check for a freshclam.conf file and check the settings there. Usually 
found in an /etc or /usr/local/etc directory.

Tom



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav-devel-20040215 : automake build error on Fedora Core 1

2004-02-16 Thread Tomasz Kojm 
On Mon, 16 Feb 2004 13:24:55 +0700
Fajar A. Nugraha [EMAIL PROTECTED] wrote:

 automake-1.6 --gnu  Makefile
 aclocal.m4:4200: version mismatch.  This is Automake 1.6.3, but
 aclocal.m4 aclocal.m4:4200: was generated for Automake 1.6.1.  You
 should recreate aclocal.m4:4200: aclocal.m4 with aclocal and run
 automake again. make: *** [Makefile.in] Error 1

Fixed

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Mon Feb 16 14:15:28 CET 2004


pgp0.pgp
Description: PGP signature

[Clamav-users] Upgrading to ClamAV 0.67 from 0.65

2004-02-16 Thread Craig Daters 
I installed 0.65 on a RH9 system using the source install (as opposed 
to the RPM) and I now want to upgrade to 0.67 using the same method. 
What is the proper way to do this? Is there and uninstall/upgrade 
method for doing this?

Or, do I just download it, un-tar the 0.67 files then run:

$ ./configure --sysconfdir=/etc
$ make
$ su -c make install
I seem to recall that someone had asked this, but cannot find it in the list.

If I do have to un-install the 0.65 install, how do I go about this? 
I am used to working with RPM binaries, but I want to get into 
installing from source files instead to get a better idea of the 
installation process.

Any help would be appreciated

Regards,

Craig D.
--
--
Craig Daters ([EMAIL PROTECTED])
Systems Administrator
West Press Printing
1663 West Grant Road
Tucson, Arizona 85745-1433
Tel: 520-624-4939
Fax: 520-624-2715
www.westpress.com

--

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Implementation Questions

2004-02-16 Thread Spam 



I have installed ClamAV friday and have it 
successfully tagging viruses e-mail with a header, but am wondering how people 
have actually stoped the message that has a virus attached.

It seems to me like the easiest way would be to 
just not devilver any mail that has a header saying it has a virus. 
Although this would work I would rather send the recipient of the letter a 
message saying that someone tried to send them a message, but it had a virus so 
it was stopped. I am curious to know how some of you have this 
setup. Any input would be appreciated.

I am currently running clamav via 
procmail.

Josh

Re: [Clamav-users] Implementation Questions

2004-02-16 Thread Antony Stone 
On Monday 16 February 2004 3:27 pm, Spam wrote:

 I have installed ClamAV friday and have it successfully tagging viruses
 e-mail with a header, but am wondering how people have actually stoped the
 message that has a virus attached.

 It seems to me like the easiest way would be to just not devilver any mail
 that has a header saying it has a virus.  Although this would work I would
 rather send the recipient of the letter a message saying that someone tried
 to send them a message, but it had a virus so it was stopped.  I am curious
 to know how some of you have this setup.  Any input would be appreciated.

I run MailScanner http://www.mailscanner.info as a wrapper to ClamAV and 
SpamAssassin (it can also handle many other A-V engines, and does further 
tests  checks of its own), and I find this a very good solution to handling 
email.

Regards,

Antony.

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

 Please reply to the list;
   please don't CC me.



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65

2004-02-16 Thread Jesper Juhl 

On Mon, 16 Feb 2004, Craig Daters wrote:

 I installed 0.65 on a RH9 system using the source install (as opposed
 to the RPM) and I now want to upgrade to 0.67 using the same method.
 What is the proper way to do this? Is there and uninstall/upgrade
 method for doing this?

 Or, do I just download it, un-tar the 0.67 files then run:

 $ ./configure --sysconfdir=/etc
 $ make
 $ su -c make install

 I seem to recall that someone had asked this, but cannot find it in the list.

 If I do have to un-install the 0.65 install, how do I go about this?
 I am used to working with RPM binaries, but I want to get into
 installing from source files instead to get a better idea of the
 installation process.

 Any help would be appreciated


Here's what I do personally which seems to work great;

I'm using Slackware Linux, and I build ClamAV from source. But, I don't
want to just do make install as that leaves me with the responsabillity
to manually clean out old versions by hand etc. So what I do instead is
use checkinstall.  checkinstall is a tool that'll monitor an
installation done by make install and then it'll build a package for
your distribution that you can later uninstall or upgrade with your
distributions standard tools.  checkinstall can build both Slackware
packages, RPMs, Debian .deb packages etc.

Here's an example of how I do it (you would ofcourse use rpm in place of
my use of slackwares installpkg/removepkg/upgradepkg tools).

  ; First I configure clamav-0.65
$ ./configure with whatever options I want to use
  ; then I build it
$ make
  ; then we change to the root user to install/build package
$ su
  ; then we run checkinstall (which then runs 'make install' and monitor it)
# checkinstall -S
  ; the -S option tells checkinstall to build a Slackware package,
  ; you'd ofcourse want to build a RedHat one
  ; you can run checkinstall without any options and it will ask
  ; what distribution to build a package for
  ; now, after checkinstall finishes I'm left with a Slackware package
  ; named  clamav-0.65-i486-01.tgz which I can then install
# installpkg clamav-0.65-i486-01.tgz

  ; Now that was pretty easy...
  ; if I want to remove clam again I can now simply run
# removepkg clamav-0.65-i486-01
  ; just as with any other package

Now, let's assume I have 0.65 installed as pr the instructions above and I
download 0.67 and want to upgrade. Then I'd first build 0.67 *just like* I
did with the 0.65 version above. This time I'l be left with a package
called clamav-0.67-i486-01.tgz , and to upgrade I only have to run

# upgradepkg clamav-0.67-i486-01.tgz

And the magic happens :-)

Same thing with RedHat, except you'd use rpm -i etc to
install/remove/upgrade the generated packages.

You can find checkinstall here :
http://asic-linux.com.mx/~izto/checkinstall/index.php

I'm personally using the latest checkinstall-1.6.0beta3 version which
works like a charm.

You should read the very informative README file here :
http://asic-linux.com.mx/~izto/checkinstall/docs/README
If you want all the details, but simple usage like above should do you
just fine in most cases.

In my oppinion checkinstall is a life saver when doing a lot of source
installs of software.


Kind regards,

Jesper Juhl



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Implementation Questions

2004-02-16 Thread Craig Daters 
MailScanner at http://www.mailscanner.info does this quite nicely! It 
is easy to install and get up and running.

I have installed ClamAV friday and have it successfully tagging 
viruses e-mail with a header, but am wondering how people have 
actually stoped the message that has a virus attached.

It seems to me like the easiest way would be to just not devilver 
any mail that has a header saying it has a virus.  Although this 
would work I would rather send the recipient of the letter a message 
saying that someone tried to send them a message, but it had a virus 
so it was stopped.  I am curious to know how some of you have this 
setup.  Any input would be appreciated.

I am currently running clamav via procmail.

Josh


--
--
Craig Daters ([EMAIL PROTECTED])
Systems Administrator
West Press Printing
1663 West Grant Road
Tucson, Arizona 85745-1433
Tel: 520-624-4939
Fax: 520-624-2715
www.westpress.com

--

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: help required with out of memory error

2004-02-16 Thread jason . walton 
HELP!

Just in case it was down to the version of clamAV I was running, I just 
upgraded to the latest version (0.67-1) and I get the same errors:

 ./testSendmailIn
[EMAIL PROTECTED] Connecting to localhost.nomadsoft.co.uk. via 
relay...
421 4.0.0 out of memory: Not enough space
 QUIT
[EMAIL PROTECTED] Deferred: 421 4.0.0 out of memory: Not 
enough space
Closing connection to localhost.nomadsoft.co.uk.

from my mail log:
Feb 16 15:56:03 giggs spamass-milter[25751]: [ID 718232 mail.error] 
spamass-milter 0.2.0+cvs starting
Feb 16 15:56:06 giggs sm-mta[25761]: [ID 702911 mail.info] starting daemon 
(8.12.9): [EMAIL PROTECTED]:05:00
Feb 16 15:56:06 giggs sm-mta[25762]: [ID 801593 mail.info] i1GFt5w8025637: 
to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] 
(0/1), delay=00:01:01, xdelay=00:00:00, mailer=relay, pri=120373, 
relay=mail.uk.nomadsoft.com. [192.168.2.4], dsn=2.0.0, stat=Sent (Message 
accepted for delivery)
Feb 16 15:56:13 giggs.nomadsoft.co.uk spamd[25758]: server started on port 
783/tcp (running version 2.61)
Feb 16 15:56:32 giggs sendmail[25773]: [ID 801593 mail.info] 
i1GFuWTb025773: from=jwalton, size=89, class=0, nrcpts=1, 
msgid=[EMAIL PROTECTED], 
[EMAIL PROTECTED]
Feb 16 15:56:32 giggs sm-mta[25774]: [ID 801593 mail.alert] 
i1GFuWxJ025774: SYSERR(root): out of memory: Not enough space
Feb 16 15:56:32 giggs spamass-milter[25751]: [ID 275715 mail.error] NULL 
context in mlfi_close! Should not happen!
Feb 16 15:56:32 giggs sendmail[25773]: [ID 801593 mail.info] 
i1GFuWTb025773: [EMAIL PROTECTED], ctladdr=jwalton 
(10754/10860), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30081, 
relay=localhost.nomadsoft.co.uk. [IPv6:::1], dsn=4.0.0, stat=Deferred: 421 
4.0.0 out of memory: Not enough space
giggs:/giggs/scripts#

from the clamAV log:
Mon Feb 16 15:55:36 2004 - +++ Started at Mon Feb 16 15:55:36 2004
Mon Feb 16 15:55:36 2004 - Log file size limited to 1048576 bytes.
Mon Feb 16 15:55:36 2004 - Verbose logging activated.
Mon Feb 16 15:55:36 2004 - Running as user clamav (UID 30002, GID 30002)
Mon Feb 16 15:55:36 2004 - Reading databases from /opt/share/clamav
Mon Feb 16 15:55:39 2004 - Protecting against 20718 viruses.
Mon Feb 16 15:55:40 2004 - Unix socket file /var/run/clamav/clamav.sock
Mon Feb 16 15:55:40 2004 - Setting connection queue length to 15
Mon Feb 16 15:55:40 2004 - Listening daemon: PID: 25666
Mon Feb 16 15:55:40 2004 - Maximal number of threads: 5
Mon Feb 16 15:55:40 2004 - Archive: Archived file size limit set to 
10485760 bytes.
Mon Feb 16 15:55:40 2004 - Archive: Recursion level limit set to 5.
Mon Feb 16 15:55:40 2004 - Archive: Files limit set to 1000.
Mon Feb 16 15:55:40 2004 - Archive: Compression ratio limit set to 200.
Mon Feb 16 15:55:40 2004 - Archive support enabled.
Mon Feb 16 15:55:40 2004 - RAR support enabled.
Mon Feb 16 15:55:40 2004 - Mail files support enabled.
Mon Feb 16 15:55:40 2004 - Self checking every 3600 seconds.
Mon Feb 16 15:55:40 2004 - Timeout set to 180 seconds.
Mon Feb 16 15:55:40 2004 - SelfCheck: Database status OK.
Mon Feb 16 15:55:40 2004 - SelfCheck: Integrity OK


many thanks for any help given


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Implementation Questions

2004-02-16 Thread Matt K. Best 
On Monday 16 February 2004 10:27, Spam wrote:
 I have installed ClamAV friday and have it successfully tagging viruses
 e-mail with a header, but am wondering how people have actually stoped the
 message that has a virus attached.

 It seems to me like the easiest way would be to just not devilver any mail
 that has a header saying it has a virus.  Although this would work I would
 rather send the recipient of the letter a message saying that someone tried
 to send them a message, but it had a virus so it was stopped.  I am curious
 to know how some of you have this setup.  Any input would be appreciated.

 I am currently running clamav via procmail.


There are a few good open-source virus scanners out there for *nix, mostly 
written in perl.   

Mailscanner (http://www.mailscanner.info) is a good one that integrates really 
well with sendmail.

Amavis (http://www.amavis.org) is another that works great with many MTA's 
(most notably Postfix).  

These are both full-fledged virus scanners that can use ClamAV and run with 
the MTA to tag/quarantine/block/filter viruses and spam (usually with 
Spamassassin).

Both Mailscanner and Amavis have configuration options that will send 
notifications to the sender/recipient and/or an administrator.

A procmail recipe could do the same, you may want to check out the procmail 
defanger (http://www.impsec.org/email-tools/procmail-security.html)

-- 
-- Matt K. Best [EMAIL PROTECTED]



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65

2004-02-16 Thread Odhiambo Washington 
* Craig Daters [EMAIL PROTECTED] [20040216 18:37]: wrote:
 I installed 0.65 on a RH9 system using the source install (as opposed 
 to the RPM) and I now want to upgrade to 0.67 using the same method. 
 What is the proper way to do this? Is there and uninstall/upgrade 
 method for doing this?
 
 Or, do I just download it, un-tar the 0.67 files then run:
 
 $ ./configure --sysconfdir=/etc

I do the same, but I am particular about the options I pass to
configure.


 $ make

Me does that too.


 $ su -c make install

Yeah.


 I seem to recall that someone had asked this, but cannot find it in the 
 list.


Since I mostly use CVS code, I always seem to need to delete the old
clamav libs before the new source code compiles.


 If I do have to un-install the 0.65 install, how do I go about this?

These files will be overwritten by the new ones, I believe, so no need
to do unistall.


 I am used to working with RPM binaries, but I want to get into 
 installing from source files instead to get a better idea of the 
 installation process.

You are on the right path, but again, I am not that familiar with the
way linux works. If the last time you installed it did not complain
about any missing libs, then it should be fine this time round.



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
wash at wananchi dot com  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
Oh My God! They killed init! You Bastards!  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65

2004-02-16 Thread Craig Daters 
Thanks Jesper, I'll check it out.

Here's what I do personally which seems to work great;

I'm using Slackware Linux, and I build ClamAV from source. But, I don't
want to just do make install as that leaves me with the responsabillity
to manually clean out old versions by hand etc. So what I do instead is
use checkinstall.  checkinstall is a tool that'll monitor an
installation done by make install and then it'll build a package for
your distribution that you can later uninstall or upgrade with your
distributions standard tools.  checkinstall can build both Slackware
packages, RPMs, Debian .deb packages etc.
Here's an example of how I do it (you would ofcourse use rpm in place of
my use of slackwares installpkg/removepkg/upgradepkg tools).
  ; First I configure clamav-0.65
$ ./configure with whatever options I want to use
  ; then I build it
$ make
  ; then we change to the root user to install/build package
$ su
  ; then we run checkinstall (which then runs 'make install' and monitor it)
# checkinstall -S
  ; the -S option tells checkinstall to build a Slackware package,
  ; you'd ofcourse want to build a RedHat one
  ; you can run checkinstall without any options and it will ask
  ; what distribution to build a package for
  ; now, after checkinstall finishes I'm left with a Slackware package
  ; named  clamav-0.65-i486-01.tgz which I can then install
# installpkg clamav-0.65-i486-01.tgz
  ; Now that was pretty easy...
  ; if I want to remove clam again I can now simply run
# removepkg clamav-0.65-i486-01
  ; just as with any other package
Now, let's assume I have 0.65 installed as pr the instructions above and I
download 0.67 and want to upgrade. Then I'd first build 0.67 *just like* I
did with the 0.65 version above. This time I'l be left with a package
called clamav-0.67-i486-01.tgz , and to upgrade I only have to run
# upgradepkg clamav-0.67-i486-01.tgz

And the magic happens :-)

Same thing with RedHat, except you'd use rpm -i etc to
install/remove/upgrade the generated packages.
You can find checkinstall here :
http://asic-linux.com.mx/~izto/checkinstall/index.php
I'm personally using the latest checkinstall-1.6.0beta3 version which
works like a charm.
You should read the very informative README file here :
http://asic-linux.com.mx/~izto/checkinstall/docs/README
If you want all the details, but simple usage like above should do you
just fine in most cases.
In my oppinion checkinstall is a life saver when doing a lot of source
installs of software.
Kind regards,

Jesper Juhl
--
--
Craig Daters ([EMAIL PROTECTED])
Systems Administrator
West Press Printing
1663 West Grant Road
Tucson, Arizona 85745-1433
Tel: 520-624-4939
Fax: 520-624-2715
www.westpress.com

--

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Database initialize error

2004-02-16 Thread Chadwick Wachs 
After installing ClamAV on OS X 1.3.2 (client with XTools), I am 
getting the following error when I try to run the application:

[chadwick:/usr/local/bin] root# /usr/local/sbin/clamd
LibClamAV debug: Loading databases from /var/clamav_db
ERROR: Database initialization error.
There is an empty directory /var/clamav_db.  Where should the 
database be and how do I get it in there?



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65

2004-02-16 Thread Craig Daters 
  $ ./configure --sysconfdir=/etc

I do the same, but I am particular about the options I pass to
configure.
What kind of options are you particular about? Should I be particular 
about them too?

--
--
Craig Daters ([EMAIL PROTECTED])
Systems Administrator
West Press Printing
1663 West Grant Road
Tucson, Arizona 85745-1433
Tel: 520-624-4939
Fax: 520-624-2715
www.westpress.com

--

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Database initialize error

2004-02-16 Thread Antony Stone 
On Monday 16 February 2004 4:46 pm, Chadwick Wachs wrote:

 After installing ClamAV on OS X 1.3.2 (client with XTools), I am
 getting the following error when I try to run the application:

 [chadwick:/usr/local/bin] root# /usr/local/sbin/clamd
 LibClamAV debug: Loading databases from /var/clamav_db
 ERROR: Database initialization error.

 There is an empty directory /var/clamav_db.  Where should the
 database be and how do I get it in there?

On Linux systems at least, the database files live in /usr/local/share/clamav 
and you update them by running freshclam.

Regards,

Antony.

-- 
There's no such thing as bad weather - only the wrong clothes.

 - Billy Connolly

 Please reply to the list;
   please don't CC me.



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Implementation Questions

2004-02-16 Thread Dennis Skinner 
On Mon, 2004-02-16 at 10:27, Spam wrote:
 I have installed ClamAV friday and have it successfully tagging
 viruses e-mail with a header, but am wondering how people have
 actually stoped the message that has a virus attached.

You want to run ClamAV at SMTP time and stop the virus before your
system accepts it and has to decide what to do with it then.  Otherwise,
you *could* have your procmail recipe just drop virus msgs on the floor,
but that's not as nice IMO.

I run Exim+Exiscan and deny immediately at SMTP time.  There are other
setups that will do the same.

 It seems to me like the easiest way would be to just not devilver any
 mail that has a header saying it has a virus.  Although this would
 work I would rather send the recipient of the letter a message saying
 that someone tried to send them a message, but it had a virus so it
 was stopped.  I am curious to know how some of you have this setup. 
 Any input would be appreciated.

Ahspam your usersgood idea :)  Consider that most viruses these
days spoof the sender address and the mail is not legitimate (i.e. not
sent by a live person with actual content that the recipients want). 
All you will do is confuse your users and/or annoy the hell out of them.

 I am currently running clamav via procmail.
  
 Josh
-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Database initialize error

2004-02-16 Thread Tomasz Papszun 
On Mon, 16 Feb 2004 at  9:46:48 -0700, Chadwick Wachs wrote:
 After installing ClamAV on OS X 1.3.2 (client with XTools), I am 
 getting the following error when I try to run the application:
 
 [chadwick:/usr/local/bin] root# /usr/local/sbin/clamd
 LibClamAV debug: Loading databases from /var/clamav_db
 ERROR: Database initialization error.
 
 There is an empty directory /var/clamav_db.  Where should the 
 database be and how do I get it in there?

Database files should be in the directory configured with DataDirectory
directive.

One must run freshclam after installing ClamAV.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Error Message

2004-02-16 Thread Doug Hardie 
On Feb 16, 2004, at 00:34, Nigel Horne wrote:

On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote:

Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not 
NULL
 What does the message mean and is
there a configuration parameter I need to alter to avoid it?
This sounds like an error thrown by sendmail even though sendmail 
makes it
look like it came from clamav. Check your sendmail.mc file is correct.

What operating system is this?
FreeBSD 4.6

What arguments are you using to call clamav-milter?
/usr/local/sbin/clamav-milter -f -q --quarantine-dir=/var/clamav

Is clamd still running? (run ps -e | fgrep clamav, or ps -a | fgrep 
clamav according to your operating system).
Yes it continues to run, however, after a few of those messages it 
quits scanning new messages and I start getting timeout messages.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

-- Doug



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Error Message

2004-02-16 Thread Doug Hardie 
On Feb 16, 2004, at 01:52, Andy Fiddaman wrote:



On Mon, 16 Feb 2004, Nigel Horne wrote:

; On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote:
;
;  Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not 
NULL
;   What does the message mean and is
;  there a configuration parameter I need to alter to avoid it?
;
; This sounds like an error thrown by sendmail even though sendmail 
makes it
; look like it came from clamav. Check your sendmail.mc file is 
correct.

This is a message from libmilter which means that the milter returned 
from
cb_eom or that the milter context session terminated in some other way 
but
that the context private data was not NULL - so it's a problem in the
milter somewhere - probably just a condition where clamfi_cleanup isn't
called. The warning is just to let you know that there's a memory leak.
Thanks.  I found the message in libmilter.  I suspect this may be the 
reason that I periodically run out of memory.  Occasionally sendmail 
completely loses all ability to function and I get a large string of 
out of memory errors from it (malloc unable to allocate).  I have to 
restart sendmail, clamd, and clamav-milter to get things going again.

(While I'm looking, there are also a few places where memory can leak 
in
clamfi_envfrom. It mallocs the private data structure then can return
without freeing it or assigning it to the session context, so it will
never be cleaned up. It just needs a few free(privdata) calls before 
the
'return cl_error' lines.)

Andy

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

-- Doug



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Problem scanning ZIP archives with clamdscan and not clamscan

2004-02-16 Thread Lucas Albers 
I've encounted this problem:
clamscan will scan zip files and detect a virus.
clamdscan will not.


clamdscan part.1.body.zip
/tmp/part.1.body.zip: OK
--- SCAN SUMMARY ---
Infected files: 0

clamscan part.1.body.zip
--- SCAN SUMMARY ---
part.1.body.zip: Worm.Gibe.F FOUND
Infected files: 1

I'm using  clamav 0.65-3 for debian.

This was all run from the command line on a zipped virus file.

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Implementation Questions

2004-02-16 Thread Michael St. Laurent 
Antony Stone mailto:[EMAIL PROTECTED] wrote:
 I run MailScanner http://www.mailscanner.info as a wrapper to ClamAV
 and SpamAssassin (it can also handle many other A-V engines, and does
 further tests  checks of its own), and I find this a very good
 solution to handling email.

I recently moved to MailScanner as well after discovering that I would not
be able to use the clamav-milter given the special circumstances involved
here.

Wow.  I'm really, really happy with it.  It has one of the best install
scripts I've ever seen for unix.  It took a while to get it configured
because it is *very* configurable.

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Implementation Questions

2004-02-16 Thread Brian Bruns 
On Monday, February 16, 2004 10:27 AM [EST], Spam [EMAIL PROTECTED]
wrote:

 I have installed ClamAV friday and have it successfully tagging viruses
 e-mail with a header, but am wondering how people have actually stoped the
 message that has a virus attached.

 It seems to me like the easiest way would be to just not devilver any mail
 that has a header saying it has a virus.  Although this would work I would
 rather send the recipient of the letter a message saying that someone tried
 to send them a message, but it had a virus so it was stopped.  I am curious
 to know how some of you have this setup.  Any input would be appreciated.

 I am currently running clamav via procmail.


I use exim 4.30 with the exiscan/local_scan patches which integrate clamav
directly into exim.  Works like a charm and stops a good portion of the
viruses (still some MyDoom viruses getting through, not sure why).



-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The Abusive Hosts Blocking List
http://www.ahbl.org



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] feature request in virusdb ml

2004-02-16 Thread Cedric Foll 
Hi,

I would like to have information obout the severity/frequence of viruses 
add in the mailing list.
It should be nice to know when a virus added is very dangerous and that 
an update is required urgently. At least add the information provided 
during submission about frequency of the virus.

Thanks for the work of all the team. Your job is really appreciated.

Regards.

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] freshclam update rate

2004-02-16 Thread Bill Randle 
I searched the archives, but didn't see an answer so pardon me if
it's a FAQ. How often is it reasonable to call freshclam (either
from cron or in daemon mode) to check for new virusdb updates?
Obviously there's a tradeoff between detecting fast spreading
viruses like MyDoom and overloading the db servers.

Is once an hour too often? Once every 3-4 hours?

-Bill






---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: clamav-devel 20040213 for windows

2004-02-16 Thread Andrey Cherezov 
 Date: Mon, 16 Feb 2004 16:15:58 +0700
 From: Fajar A. Nugraha [EMAIL PROTECTED]
 Subject: Re: [Clamav-users] Re: clamav-devel 20040213 for windows

 Just as I thought. ANyway, the developers seems to have fixed this by
 adding O_BINARY (again) for Cygwin build only.
 As usual, you can get my precompiled daily build on www.clamav.or.id.
 Tested it earlier, and it works fine.

In this your clamav/Windows build there is fixed 'MD5 problem',
but seems not fixed temporary file creation error in mbox.c:
this version failed to recognize most of real viruses.
Here is result of small check on virus archive - found only 26
viruses from 179.

--- SCAN SUMMARY ---
Known viruses: 20724
Scanned directories: 1
Scanned files: 179
Infected files: 26
Data scanned: 55.32 MB
I/O buffer size: 131072 bytes
Time: 31.360 sec (0 m 31 s)

Fajar, the right version of mbox.c is 1.40 and 1.42-44.
1.41 - wrong.

The fixed version (posted to ftp://bitrix.eserv.ru/download/clamav1.rar
11.Feb.2004) works on any windows (with or w/o cygwin installed,
not depends of LF/CRLF cygwin settings), clamDscan not inserts /cygdrive/,
detects all viruses in virus archive, could be installed in any directory...
--- SCAN SUMMARY ---
Infected files: 179
Time: 70.156 sec (1 m 10 s)




---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam update rate

2004-02-16 Thread Lionel Bouton 
Bill Randle wrote the following on 02/16/2004 10:12 PM :

I searched the archives, but didn't see an answer so pardon me if
it's a FAQ. How often is it reasonable to call freshclam (either
from cron or in daemon mode) to check for new virusdb updates?
Obviously there's a tradeoff between detecting fast spreading
viruses like MyDoom and overloading the db servers.
Is once an hour too often? Once every 3-4 hours?
 

Once an hour is fine, but if you use crontab please add a once randomly 
chosen sleep between 0 and 3599 second before launching freshclam.
As lots of people using crontab put something like 0 * * * * ... The 
database mirrors have huge peaks of bandwidth usage each hour (and 
what's not good for the mirrors isn't good for the virus db availability).

Something like :

# echo $[ $RANDOM % 3600 ]
0 * * * * sleep value_given_above; freshclam --quiet
Best regards,

--
Lionel Bouton - inet6
-
  o  Siege social: 51, rue de Verdun - 92158 Suresnes
 /  _ __ _   Acces Bureaux: 33 rue Benoit Malon - 92150 Suresnes
/ /\  /_  / /_   France
\/  \/_  / /_/   Tel. +33 (0) 1 41 44 85 36
 Inetsys S.A.Fax  +33 (0) 1 46 97 20 10


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: clamav-devel 20040213 for windows

2004-02-16 Thread Fajar A. Nugraha 
Brian Bruns wrote:

BTW, the only reason why we are putting out our own build (not to compete with
you obviously) 

Obviously :) My builds are mainly for testing purposes; thus it is based 
on daily CVS snapshot.

is because we are trying to eventually release a 'quality
assured' version of clamav (if you could call it that), sorta like what
ActiveState does with Perl.  The idea being that once things are stabilized
and we have clamav-win32 working like we want to, we are going to release
'stable' builds based on the most current version of clamav.  

Great !

We do the same
thing with ircII EPIC4 For Windows and have had pretty good success.
My hope is, that eventually, we might be able to create a native version of
clamav for windows which does not require the cygwin layer, and would be able
to compete directly with Norton AV or McAffee.  

That would be nice. What would be even better if you could come up with 
some kind of
on-access scanning mechanism. Sort of clamuko-win32.

I've got some of my internal
developers tinkering with the code right now to see if we can do it easily or
if we are out of our league.  Naturally, any changes we make will obviously be
contributed back :-)
 

Again, great !

Regards,

Fajar A. Nugraha

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] W32.Welchia.Worm

2004-02-16 Thread Luke Scharf 
On Mon, 2004-02-16 at 14:49, Patricia Viana wrote:
 OK, it does some damage. like installing a small web server
 and overwriting html files for a screwed up page
  
 But after all, it does install some fixes and tries to remove the
 worms MyDoom.A and MyDoom.B!!

It's probably the product of a pissed-off sysadmin...  I once considered
writing an Outlook virus that would set the Outlook settings to
something secure and forward itself to everyone in your address book.  I
decided not to because of the risk of getting lynched -- and because I
would have actually had to use Outlook meself

As someone else mentioned, one of the big problems with Welchia is that
it disrupts the network at least as much as msblast.  

I'd much rather have a Nessus plugin that would exploit the
vulnerability to install the patch, but do nothing else.  That way, I
could auto-patch machines from my desk by merely lifting a finger over
my left mouse button.  :-)~

-Luke

-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] TNEF?

2004-02-16 Thread Tommy McNeely 
Just curious... I have all these Outlook users who claim they need TNEF
files to not be blocked anymore, does clamav directly un-encode them for
scanning, or do I need to get a perl module or external executable?

Thanks,
Tommy

PS: building this on Solaris is making me pull hair out.. more later :)


-- 
Tommy McNeely - [EMAIL PROTECTED]
Unix Administrator - Electro Domestico




---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam update rate

2004-02-16 Thread Luke Scharf 
On Mon, 2004-02-16 at 16:35, Lionel Bouton wrote:
 Once an hour is fine, but if you use crontab please add a once randomly 
 chosen sleep between 0 and 3599 second before launching freshclam.
 As lots of people using crontab put something like 0 * * * * ... The 
 database mirrors have huge peaks of bandwidth usage each hour (and 
 what's not good for the mirrors isn't good for the virus db availability).
 
 Something like :
 
 # echo $[ $RANDOM % 3600 ]
 0 * * * * sleep value_given_above; freshclam --quiet

Why didn't I think of that?!?  :-)

To add more randomness, I did it like so (on a Linux box where bash is
always available):
SHELL=/bin/bash
0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet

This does seem more polite than hitting it hard, right on the hour.

-Luke

-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Problems after freshclam

2004-02-16 Thread Lloyd Albin 
Hello,

Have you fixed the Dazuko support yet? I have not seen any message in
this list saying that it has been fixed.

I just installed v0.66 today when I enabled ClamukoScanOnLine I get the
following error message

ERROR: Parse error at line 190: Unknown option ClamukoScanOnLine.
ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf


--Lloyd

Lloyd Albin [EMAIL PROTECTED]




---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam update rate

2004-02-16 Thread Bill Randle 
On Mon, 2004-02-16 at 15:11, Luke Scharf wrote:
 On Mon, 2004-02-16 at 16:35, Lionel Bouton wrote:
  Once an hour is fine, but if you use crontab please add a once randomly 
  chosen sleep between 0 and 3599 second before launching freshclam.
  As lots of people using crontab put something like 0 * * * * ... The 
  database mirrors have huge peaks of bandwidth usage each hour (and 
  what's not good for the mirrors isn't good for the virus db availability).
  
  Something like :
  
  # echo $[ $RANDOM % 3600 ]
  0 * * * * sleep value_given_above; freshclam --quiet
 
 Why didn't I think of that?!?  :-)
 
 To add more randomness, I did it like so (on a Linux box where bash is
 always available):
 SHELL=/bin/bash
 0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet
 
 This does seem more polite than hitting it hard, right on the hour.

Excellent ideas! I will implement Luke's version.

-Bill



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam update rate

2004-02-16 Thread Lucas Albers 
Luke Scharf said:

 This does seem more polite than hitting it hard, right on the hour.

 -Luke

 --
 Luke Scharf, Systems Administrator
 Virginia Tech Aerospace and Ocean Engineering

If you use freshclam as a daemon, you don't have to worry about this as it
randomizes it?


-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] feature request in virusdb ml

2004-02-16 Thread Antony Stone 
On Monday 16 February 2004 8:54 pm, Cedric Foll wrote:

 Hi,

 I would like to have information obout the severity/frequence of viruses
 add in the mailing list.
 It should be nice to know when a virus added is very dangerous and that
 an update is required urgently. At least add the information provided
 during submission about frequency of the virus.

It is very difficult to tell how dangerous or severe a virus is, and therefore 
how urgent the update is, until it's really too late.   How do you define 
dangerous?   How quickly the virus spreads?   Or what damage it does when it 
arrives?   Either way, I'd prefer to get a quick signature for anything nasty 
rather than request the signature-creators spend extra time assessing the 
risk associated with a particular piece of code.

I think most people attitude will be: If it's a virus, give me a signature 
quick!   I don't care how bad the virus is - I just want protection from it.

Regards,

Antony.

-- 
Never write it in Perl if you can do it in Awk.
Never do it in Awk if sed can handle it.
Never use sed when tr can do the job.
Never invoke tr when cat is sufficient.
Avoid using cat whenever possible.

 Please reply to the list;
   please don't CC me.



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] New user--- Frashclam error

2004-02-16 Thread isp-lists [at] beachcomp.com 



Anyone have any 
ideas what I'm doing wrong?

C:\clamav-devel\binfreshclamClamAV 
update process started at Mon Feb 16 20:00:41 2004Reading CVD header 
(main.cvd): OKmain.cvd is up to date (version: 19, sigs: 19987, f-level: 1, 
builder: ddm)Reading CVD header (daily.cvd): OKDownloading daily.cvd 
[*]ERROR: Verification: MD5 verification error.Trying again...ClamAV 
update process started at Mon Feb 16 20:00:44 2004Reading CVD header 
(main.cvd): OKmain.cvd is up to date (version: 19, sigs: 19987, f-level: 1, 
builder: ddm)Reading CVD header (daily.cvd): OKDownloading daily.cvd 
[*]ERROR: Verification: MD5 verification error.Trying again...ClamAV 
update process started at Mon Feb 16 20:00:45 2004Reading CVD header 
(main.cvd): OKmain.cvd is up to date (version: 19, sigs: 19987, f-level: 1, 
builder: ddm)Reading CVD header (daily.cvd): OKDownloading daily.cvd 
[*]ERROR: Verification: MD5 verification error.Giving up...

Thanks

Dave

Re: [Clamav-users] W32.Welchia.Worm

2004-02-16 Thread russ 
On Mon, 2004-02-16 at 14:49, Patricia Viana wrote:

 Could this be considered a well-intended virus?!?!

I work for a school system with about 2000 computers on our network.
Welchia Shut down our network for 4 days until we perfected a way to
squash it. (Norton was no help at all BTW)

Personally I work like to wrap my hands around the person that wrote
this well-intended worm.

There is no such thing as a good worm or virus.


-- 
Russel Oliver
[EMAIL PROTECTED]



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: Re: making clamav on solaris {Scanned}

2004-02-16 Thread Tommy McNeely 
On Sun, 08 Feb 2004 15:34:01 +, Andy Fiddaman wrote:

 Probably worth mentioning at this point that the 'whoami' utility isn't
 standard in core solaris either, that needs the SUNWscpu (SunOS 4.x
 compatibility utilities) - who am i | awk '{print$1}' does the same
 though.
 
 Andy
 
 [EMAIL PROTECTED] clamav-0.67]# who am i
tommy  pts/2Jan 29 14:56(pickles)
[EMAIL PROTECTED] clamav-0.67]# /usr/ucb/whoami
root



Just thought I would mention that whoami and who am i are not quite
the same... its better to do something like id  | grep -c root .. but
even that can be thrown off 

Tommy



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Re: making clamav on solaris {Scanned}

2004-02-16 Thread Carl Holtje ;021;vcsg6; 
As a caveat, sometimes the 'who am i' will return something more along the
lines of:
username!host  pts.

such that the awk solution may or may not work...

Might think to awk or cut the line, and then a sed to be sure to get just
the username...

Carl

On Mon, 16 Feb 2004, Tommy McNeely wrote:

 On Sun, 08 Feb 2004 15:34:01 +, Andy Fiddaman wrote:

  Probably worth mentioning at this point that the 'whoami' utility isn't
  standard in core solaris either, that needs the SUNWscpu (SunOS 4.x
  compatibility utilities) - who am i | awk '{print$1}' does the same
  though.
 
  Andy
 
  [EMAIL PROTECTED] clamav-0.67]# who am i
 tommy  pts/2Jan 29 14:56(pickles)
 [EMAIL PROTECTED] clamav-0.67]# /usr/ucb/whoami
 root



 Just thought I would mention that whoami and who am i are not quite
 the same... its better to do something like id  | grep -c root .. but
 even that can be thrown off

 Tommy



 ---
 SF.Net is sponsored by: Speed Start Your Linux Apps Now.
 Build and deploy apps  Web services for Linux with
 a free DVD software kit from IBM. Click Now!
 http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
 ___
 Clamav-users mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/clamav-users


- --

There are 10 types of people in the world: Those who understand binary
and those that don't.

$whoami: Carl Holtje
$mail holtje: [EMAIL PROTECTED]
$cu: http://www.cs.rit.edu/~cwh0803
$whois holtje:

  System Administrator Group
  Computer Science Department
  Rochester Institute of Technology

$


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Clamav false positive?

2004-02-16 Thread Sam Miller 
Firstly, I'd like to say thank you for such a useful utility.

My question concerns scanning a Windows partition from a Linux partition
on the same drive. Running Clamav 0.65-3 on Debian based Libranet, scanned
a WinME partition and came up with the report that FunLove.4099 had been
found in several drivers (LAN I think). Looking through the files
with MC turned up the text '~Fun Loving Criminal~' several times in each
one. File creation date the same for each, August 13 2000.

Why I'm unsure is that my free Windows anti-virus program never detected
it. But I was unsure and downloaded the Symantec cleaning tool. It didn't
find anything.

Is there some inherent risk for false positives with scanning Windows from
Linux?

Thank you.

Sam Miller
 



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgrading to ClamAV 0.67 from 0.65

2004-02-16 Thread Odhiambo Washington 
* Craig Daters [EMAIL PROTECTED] [20040216 21:11]: wrote:
   $ ./configure --sysconfdir=/etc
 
 I do the same, but I am particular about the options I pass to
 configure.
 
 What kind of options are you particular about? Should I be particular 
 about them too?

./configure --disable-clamav --enable-bigstack --with-group=mail \
--disable-clamuko --with-user=exim

You can see what they do by doing ./configure --help | more



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
wash at wananchi dot com  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
Oh My God! They killed init! You Bastards!  
 --from a /. post


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: TNEF?

2004-02-16 Thread Starbane 
Tommy McNeely wrote:
Just curious... I have all these Outlook users who claim they need TNEF
files to not be blocked anymore, does clamav directly un-encode them for
scanning, or do I need to get a perl module or external executable?
Ask your Outlook users what they think the TNEF attachments do, because 
AFAIK, the only thing it's good for is distributing information they 
never intended to send.

Outlook can be configured not to bother with TNEF, though it is not by 
default (naturally).

Most non-Microsoft clients cannot decode TNEF, and will not bother.  If 
they change their default format to (yuck) HTML, then they will get all 
the formatting they like in a generally portable manner.  Winmail.dat 
attachments are dropped at many gateways, in any case.

Sorry, this does nothing to help you, I just felt like ranting about yet 
another annoyance of using proprietary crap like Outlook.



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Implementation Questions

2004-02-16 Thread Fajar A. Nugraha 
Brian Bruns wrote:

I use exim 4.30 with the exiscan/local_scan patches

Hey, another thing we share in common!

which integrate clamav
directly into exim.  Works like a charm 

Very true! It can reject virus right at SMTP time, AND with less CPU 
load than those perl-scanners too :)

and stops a good portion of the
viruses (still some MyDoom viruses getting through, not sure why).
 

In my case, sometimes it's because I get can't connect to /tmp/clamd 
errors.
I have another ClamAV at the real mailserver (not exim), so I can 
simply let all mail pass thru when
this error happens on exim/exiscan. I tag emails with warn during 
virus checks, not with
a deny so that mail processing continue even if clamd fails. How do 
you setup yours?

Regards,

Fajar A. Nugraha

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] New user--- Frashclam error

2004-02-16 Thread Fajar A. Nugraha 
isp-lists [at] beachcomp.com wrote:

Anyone have any ideas what I'm doing wrong?

You're not doing anything wrong. It's a known problem with older ClamAV 
on Win32 machines without Cygwin.

C:\*clamav-devel*\binfreshclam
I assume you're using Brian Burns' build from www.sosdg.org ?
Newer CVS snapshot don't have this problem anymore.
You could build your own, or wait till Brian releases another build, or 
use my build on clamav.or.id.

Regards,

Fajar A. Nugraha

---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam update rate

2004-02-16 Thread Lionel Bouton 
Lucas Albers wrote the following on 02/17/2004 01:17 AM :

Luke Scharf said:

 

This does seem more polite than hitting it hard, right on the hour.

-Luke

--
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering
   

If you use freshclam as a daemon, you don't have to worry about this as it
randomizes it?
 

Yes

But in the crontab case be aware that the mean time between updates in :

0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet

is 3600s, but between 2 updates the delay can be anywhere between 1 and 7199s. Computing $RANDOM doesn't bring anything to the overall distribution quality too.



--
Lionel Bouton - inet6
-
  o  Siege social: 51, rue de Verdun - 92158 Suresnes
 /  _ __ _   Acces Bureaux: 33 rue Benoit Malon - 92150 Suresnes
/ /\  /_  / /_   France
\/  \/_  / /_/   Tel. +33 (0) 1 41 44 85 36
 Inetsys S.A.Fax  +33 (0) 1 46 97 20 10


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users