[Clamav-users] ScanStream errors

2004-03-16 Thread Krzysztof Snopek
After weeks of running clamd+clamav-milter without any problems
(Solaris9 sparc, sendmail 8.12.10), today morning something wrong
happened. Below are some lines from clamd.log :

Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:47 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:48 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:48 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:50 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:55 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:57 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:58 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:58 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:59 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 04:01:00 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 04:01:33 2004 - Session 0 stopped due to timeout.
Tue Mar 16 04:01:53 2004 - SelfCheck: Database status OK.
Tue Mar 16 04:02:27 2004 - ERROR: ScanStream: Can't create temporary file.
Tue Mar 16 04:03:00 2004 - ERROR: ScanStream: Can't create temporary file.
Tue Mar 16 04:03:21 2004 - ERROR: ScanStream: Can't create temporary file.
...
lot of this 'can't create' lines until I've rebooted machine.
After that, all is OK.
As a result, sendmail was responding to all with
reject=451 4.7.1 Try again later
 Could someone guess what happened?

Krzysztof Snopek
[EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Where is the sock file

2004-03-16 Thread Dilip M
On Tue, 16 Mar 2004 10:13:48 +0300, Odhiambo Washington 
[EMAIL PROTECTED] wrote:
[...]


Do you have a file clamav.conf??


I'm talking about socket file ?
Is there a way to connect to CLAM using socket ??


Very much! Go slowly and read the installation docs. The answers are
there. That is why I asked you if you even have a file called
clamav.conf. The fact that you are asking this question shows that
you obviously haven't read anything to do with install, or if you
did, you were in a great hurry, which is not good for you in the long
run.
I know soon someone here is gonna tell you to RTM. Badly enough, I
happen to have just done it;(
Hi Washington,

You are right!! Few months back when i started to use Clam_AV , i had 
little knowledge {(compared to today :) }  on it

So i re-read the doc and solved this !! Let me check how much better/poor 
performance does CLAM give using Socket :)

Thanks
-Dilip


Re: [Clamav-users] Problem in install ClamAV

2004-03-16 Thread Paul Constable
I am suffering the same problem, I'm running SuSE 9 Pro.
Typing 'clamd' gives no response whatsoever, clamscan has installed and is 
functional.
My symptoms are the same.

What do I need to do I have read as much info as I can get hold of.
Would clamav-milter installation improve the situation.

I'm using amavisd-new to tie everything together, spamassassin is working 
fine.

What do I need to do ???

Paul

On Tuesday 16 March 2004 07:17, Fajar A. Nugraha wrote:
 Muhammad Kashif Muneer wrote:
 Dear Sir,
 
 I have checked both points that u mentioned but did not find any of
 them. I have conf file in /usr/local/etc/clamav.conf
 In this file I have entry
 LocalSocket /tmp/clamd
 
 I also check the location of /var/run but did not find folder clamav. It
 means installation did not create clamav.sock file and did not create
 folder in /var/run.

 It seems that you want to use clamav-milter, a program that glues clamav
 to sendmail.

 In that case try reading

 http://clamav.or.id/snapshot/docs/html/node28.html

 (the doc pages of www.clamav.net are a little outdated).
 You could also find recent documentation on docs
 folder on clamav source.

 also read INSTALL file on clamav-milter directory
 on source package.

 In short, running ./configure  make  make install is
 not enough

 Regards,

 Fajar




Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files

2004-03-16 Thread Helmut Schneider
Fajar A. Nugraha wrote:

 Helmut Schneider wrote:
 
 seems that the clamav Port (0.67-1) has problems with RAR Files
 (e.g. 
 Bagle.N):
 
 To avoid misunderstandings, I know the file is pwd, but clamav does
 not recognize the virus within the archive (maybe a DB problem)... 
 
 Sometimes the signatures were created using the complete mail, so
 clamscan won't recognize the attachment alone but it will recognize
 the complete mail.
 
 If you use clamscan, you can work around RAR errors using
 --unrar[=FULLPATH]   Enable support for .rar files
 
 But since the RARs are password-protected, it's useless.
 My suggestion is try feeding the complete virus mail to clamscan
 (instead of just the attachment), and see if it works.

That's the point, if clamav would have detected the virus in the original mail I 
wouldn't have posted here... :)




Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files

2004-03-16 Thread Fajar A. Nugraha
Helmut Schneider wrote:

That's the point, if clamav would have detected the virus in the original mail I wouldn't have posted here... :)

 

Aaah :)

In that case,
test the original mail (not just the attachments) on 
http://www.gietl.com/test-clamav/.
If it's not detected, submit it to

http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi

Judging from the last updates clamav *might* detect it now.

Regards,

Fajar



Re: [Clamav-users] Problem in install ClamAV

2004-03-16 Thread Fajar A. Nugraha
Paul Constable wrote:

I am suffering the same problem, I'm running SuSE 9 Pro.
Typing 'clamd' gives no response whatsoever,

Again, how do you get your package (rpm, source, binary .tar.gz, etc)?
Next, find out where your clamav.conf is. There should be a line similar to

LocalSocket /tmp/clamd == The location of your socket
LogFile /usr/local/share/clamav/clamd.log == clamd log file

You might use syslog for clamd instead of LogFile. In that case, to help debugging,
add LogFile line to clamav.conf. Make sure that file/directory is writable by clamav user.
Then, start clamd and see what your clamd.log says. A successful start would have
these entries :

Tue Mar 16 16:12:15 2004 - +++ Started at Tue Mar 16 16:12:15 2004
Tue Mar 16 16:12:15 2004 - Log file size limit disabled.
Tue Mar 16 16:12:15 2004 - Running as user root (UID 0, GID 0)
Tue Mar 16 16:12:15 2004 - Reading databases from /usr/local/share/clamav
Tue Mar 16 16:12:15 2004 - Protecting against 20350 viruses.
Tue Mar 16 16:12:16 2004 - *Unix socket file /tmp/clamd*
Tue Mar 16 16:12:16 2004 - Setting connection queue length to 30
Tue Mar 16 16:12:16 2004 - Archive: Archived file size limit set to 10485760 bytes.
Tue Mar 16 16:12:16 2004 - Archive: Recursion level limit set to 5.
Tue Mar 16 16:12:16 2004 - Archive: Files limit set to 1000.
Tue Mar 16 16:12:16 2004 - WARNING: USING HARDCODED LIMIT: Archive: Compression ratio limit set to 200.
Tue Mar 16 16:12:16 2004 - Archive support enabled.
Tue Mar 16 16:12:16 2004 - RAR support disabled.
Tue Mar 16 16:12:16 2004 - Mail files support disabled.
Tue Mar 16 16:12:16 2004 - OLE2 support disabled.
Tue Mar 16 16:12:16 2004 - Self checking every 3600 seconds.
Tue Mar 16 16:12:16 2004 - ERROR: Clamuko is not available.

clamscan has installed and is 
functional.
My symptoms are the same.

What do I need to do I have read as much info as I can get hold of.
Would clamav-milter installation improve the situation.
I'm using amavisd-new to tie everything together, spamassassin is working 
fine.

 

You don't need clamav-milter for amavisd-new. Just read amavisd-new docs or config file,
see where it expects clamd to be (path to local socket, or TCP port) then change
your clamav.conf to match it. It might help if you run clamav as the same user as amavis
(e.g change User line on clamav.conf).

Regards,

Fajar



Re: [Clamav-users] clamav very slow when scanning files with mostly 0xff

2004-03-16 Thread Tomasz Kojm
On Mon, 15 Mar 2004 22:41:39 -0500
James [EMAIL PROTECTED] wrote:

 I'm currently using clamav 0.67, and I'm seeing clamav taking a long
 time scanning files with mostly 0xFFs.  
 
 Normally the time it takes to scan a file is not a problem but once a
 while we receive a large mostly white picture, and instead of the
 usual minute or so to scan a file, it takes 20+ mins to scan it.  
 This is happening on both linux on intel and  solaris on sparcs.
 
 Just as a data point, I used clamscan to scan a 1M data file with
 random data and it took 3.6 sec, but a 1M file of all 0xFF's took 21
 sec.
 
 Has anyone else seen this problem?  

It seems there are (far) too many signatures that start with  and
the node [ff][ff] contains too many signatures in the linked list. I
will fix that with the next main.cvd update.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 16 09:41:56 CET 2004
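
The slowdown described in this reply, as an added illustration that is not ClamAV's code: a toy matcher that files signatures under their first two bytes and walks that bucket's list at every file offset, so a file of all 0xFF hits the largest bucket every time. The signature set, sizes and function names are constructed for the demonstration.

```python
import random
from collections import defaultdict


def build_index(signatures):
    """Group signatures by their first two bytes (one bucket per 2-byte node)."""
    index = defaultdict(list)
    for sig in signatures:
        index[sig[:2]].append(sig)
    return index


def scan(data, index):
    """Naive scan: return (matches, number of candidate signatures compared)."""
    matches = []
    checks = 0
    for offset in range(len(data) - 1):
        bucket = index.get(data[offset:offset + 2])
        if not bucket:
            continue
        for sig in bucket:  # linear walk of the node's list
            checks += 1
            if data.startswith(sig, offset):
                matches.append((offset, sig))
    return matches, checks


def make_signatures(rng, total=1000, ff_share=0.25, length=16):
    """Constructed signature set in which ff_share of entries begin with FF FF."""
    sigs = []
    for i in range(total):
        # Third byte is never 0xFF, so no signature matches a pure-0xFF file.
        body = bytes([rng.randrange(255)]) + bytes(
            rng.randrange(256) for _ in range(length - 3))
        if i < int(total * ff_share):
            prefix = b"\xff\xff"
        else:
            prefix = bytes([rng.randrange(255), rng.randrange(256)])
        sigs.append(prefix + body)
    return sigs


def compare(size=2048, seed=1):
    """Scan random data and all-0xFF data of equal size; return the work done."""
    rng = random.Random(seed)
    index = build_index(make_signatures(rng))
    random_data = bytes(rng.randrange(256) for _ in range(size))
    ff_data = b"\xff" * size
    _, random_checks = scan(random_data, index)
    ff_matches, ff_checks = scan(ff_data, index)
    return random_checks, ff_checks, ff_matches


if __name__ == "__main__":
    rnd, ff, _ = compare()
    print(f"random data: {rnd} comparisons, all-0xFF data: {ff} comparisons")
```

Neither input contains a match, yet the all-0xFF file costs one full walk of the FF FF bucket per offset, which is the kind of input-dependent cost a mail gateway should bound with scan time limits.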




Re: [Clamav-users] password protected zip file

2004-03-16 Thread Tomasz Kojm
On Tue, 16 Mar 2004 11:55:33 +1100
Jonathan Trott [EMAIL PROTECTED] wrote:

 Tomasz Kojm [EMAIL PROTECTED] wrote on 12/03/2004 00:07:01:
 
  On Thu, 11 Mar 2004 12:49:36 +1100
  Jonathan Trott [EMAIL PROTECTED] wrote:
  
   At the moment, if you put any virus inside an encrypted zip file, 
   clamav reports that there isn't a virus in there, which is a false
   
   negative. Better to report that it couldn't be scanned than there 
   wasn't a virus in there.
  
  No, that's definitely not a false negative. Password protected
  viruses are not dangerous (and not interesting to us) as long as
  they don't distribute the password. But anyway you should check the
  --detect-encrypted option (CVS).
 
 How can you determine that the password is being distributed with the 
 message? How about the situation where a malicious hacker is trying to

We can't. We only detect encrypted archives.

 introduce a trojan into the network via email that contains a password
 
 protected zip file with the trojan inside? There wouldn't be a
 password in the email signature for that situation and clamav would
 have passed it as clean! Clamav should (as I assume the CVS option now
 does) report that the file could not be scanned, and let who/whatever
 has called clamav process the file as it sees fit. Do anything but

Actually that's the way clamav works. Also it always scans a raw file
(that's why our generic signature for Bagle zips work).

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 16 09:56:22 CET 2004
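
The policy argued over in this exchange, as an added sketch that is not ClamAV code: read each ZIP member's encryption flag and return a separate "UNSCANNABLE" verdict so the caller can decide what to do, rather than reporting "CLEAN". The verdict names, the `scan_member` callback and the sample archives are assumptions constructed for the demo.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # general-purpose flag bit 0 in ZIP headers


def encrypted_members(blob):
    """Names of members whose central-directory entry has the encryption bit set."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [zi.filename for zi in zf.infolist()
                if zi.flag_bits & ENCRYPTED_FLAG]


def verdict(blob, scan_member):
    """Return 'INFECTED', 'UNSCANNABLE' or 'CLEAN' for one archive.

    scan_member(bytes) -> bool is a stand-in for the real signature engine.
    """
    try:
        locked = set(encrypted_members(blob))
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for zi in zf.infolist():
                if zi.filename in locked:
                    continue  # cannot be inspected without the password
                if scan_member(zf.read(zi)):
                    return "INFECTED"
    except zipfile.BadZipFile:
        return "UNSCANNABLE"
    # Nothing found in the readable members: only claim CLEAN if all were readable.
    return "UNSCANNABLE" if locked else "CLEAN"


def make_zip(members):
    """Constructed sample: build an uncompressed ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def mark_encrypted(blob, name):
    """Constructed sample helper: set the encryption bit for `name` in the
    local and central headers (the data itself is left as is)."""
    out = bytearray(blob)
    raw = name.encode()
    # (signature, offset of flag field, offset of file name) for each header type
    for sig, flag_off, name_off in ((b"PK\x03\x04", 6, 30), (b"PK\x01\x02", 8, 46)):
        pos = out.find(sig)
        while pos != -1:
            if out[pos + name_off:pos + name_off + len(raw)] == raw:
                flags, = struct.unpack_from("<H", out, pos + flag_off)
                struct.pack_into("<H", out, pos + flag_off, flags | ENCRYPTED_FLAG)
            pos = out.find(sig, pos + 4)
    return bytes(out)


if __name__ == "__main__":
    marker = b"CONSTRUCTED-TEST-MARKER"  # stands in for a signature hit
    sample = make_zip({"readme.txt": b"hello", "payload.exe": marker})
    print(verdict(sample, lambda d: marker in d))
    print(verdict(mark_encrypted(sample, "payload.exe"), lambda d: marker in d))
```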





Re: [Clamav-users] New varient of password compressed virus

2004-03-16 Thread Tomasz Kojm
On Mon, 15 Mar 2004 17:12:20 -0700 (MST)
Lucas Albers [EMAIL PROTECTED] wrote:

 Fajar A. Nugraha said:
  An interesting fact on ChangeLog:
 
  Thu Mar 11 21:50:32 CET 2004 (tk)
  -
* libclamav: rar: added support for encrypted archive
(Encrypted.RAR)
 detection
 
 
 To make an obvious statement.
 Clamav should add encrypted compression detection support for all
 formats it supports.

All encrypted archives supported by the built-in libraries (RAR, Zip)
can be detected. Compressed files (bzip2, gzip, ...) don't support a
direct encryption.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 16 09:52:41 CET 2004




Re: [Clamav-users] New varient of password compressed virus

2004-03-16 Thread Thomas Lamy
Lucas Albers schrieb:
Fajar A. Nugraha said:

An interesting fact on ChangeLog:

Thu Mar 11 21:50:32 CET 2004 (tk)
-
 * libclamav: rar: added support for encrypted archive (Encrypted.RAR)
   detection


To make an obvious statement.
Clamav should add encrypted compression detection support for all formats
it supports.
As we will see more variants...
I just guess this is in the works. It was easy to add for ZIP (using a 
patch from a fellow user), but other archive types have been delayed for 
work on 0.70.

Thomas



Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files

2004-03-16 Thread Helmut Schneider
Fajar A. Nugraha wrote:

 Helmut Schneider wrote:
 
 That's the point, if clamav would have detected the virus in the
 original mail I wouldn't have posted here... :) 
 
 Aaah :)
 
 In that case,
 test the original mail (not just the attachments) on
 http://www.gietl.com/test-clamav/.
 If it's not detected, submit it to
 
 http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi

done.

Thanks, Helmut




Re: [Clamav-users] Problem in install ClamAV

2004-03-16 Thread Paul Constable
My apologies, for not furnishing more detail.

I obtained a tarball and built from source.

I have all pieces in place that you mention, but when trying to stimulate the 
daemon by a script i.e clamctl I get a complaint that it cannot parse the 
conf.file.

When typing just 'clamd' on the commandline either as myself or as root, I get 
no response whatsoever.


On Tuesday 16 Mar 2004 09:13, Fajar A. Nugraha wrote:
 Paul Constable wrote:
 I am suffering the same problem, I'm running SuSE 9 Pro.
 Typing 'clamd' gives no response whatsoever,

 Again, how do you get your package (rpm, source, binary .tar.gz, etc)?
 Next, find out where your clamav.conf is. There should be a line similar to

 LocalSocket /tmp/clamd == The location of your socket
 LogFile /usr/local/share/clamav/clamd.log == clamd log file

 You might use syslog for clamd instead of LogFile. In that case, to help
 debugging,
 add LogFile line to clamav.conf. Make sure that file/directory is
 writable by clamav user.
 Then, start clamd and see what your clamd.log says. A successful start
 would have
 these entries :

 Tue Mar 16 16:12:15 2004 - +++ Started at Tue Mar 16 16:12:15 2004
 Tue Mar 16 16:12:15 2004 - Log file size limit disabled.
 Tue Mar 16 16:12:15 2004 - Running as user root (UID 0, GID 0)
 Tue Mar 16 16:12:15 2004 - Reading databases from /usr/local/share/clamav
 Tue Mar 16 16:12:15 2004 - Protecting against 20350 viruses.
 Tue Mar 16 16:12:16 2004 - *Unix socket file /tmp/clamd*
 Tue Mar 16 16:12:16 2004 - Setting connection queue length to 30
 Tue Mar 16 16:12:16 2004 - Archive: Archived file size limit set to
 10485760 bytes.
 Tue Mar 16 16:12:16 2004 - Archive: Recursion level limit set to 5.
 Tue Mar 16 16:12:16 2004 - Archive: Files limit set to 1000.
 Tue Mar 16 16:12:16 2004 - WARNING: USING HARDCODED LIMIT: Archive:
 Compression ratio limit set to 200.
 Tue Mar 16 16:12:16 2004 - Archive support enabled.
 Tue Mar 16 16:12:16 2004 - RAR support disabled.
 Tue Mar 16 16:12:16 2004 - Mail files support disabled.
 Tue Mar 16 16:12:16 2004 - OLE2 support disabled.
 Tue Mar 16 16:12:16 2004 - Self checking every 3600 seconds.
 Tue Mar 16 16:12:16 2004 - ERROR: Clamuko is not available.

 clamscan has installed and is
 functional.
 My symptoms are the same.
 
 What do I need to do I have read as much info as I can get hold of.
 Would clamav-milter installation improve the situation.
 
 I'm using amavisd-new to tie everything together, spamassassin is working
 fine.

 You don't need clamav-milter for amavisd-new. Just read amavisd-new docs
 or config file,
 see where it expects clamd to be (path to local socket, or TCP port)
 then change
 your clamav.conf to match it. It might help if you run clamav as the
 same user as amavis
 (e.g change User line on clamav.conf).


 Regards,

 Fajar



-- 
~~~
  The box says: Win98, WinNT or BETTER. That's why I installed Linux.
~~~




[Clamav-users] Freshclam on update problem

2004-03-16 Thread Mike Fish



When I enter

freshclam --on-update-execute='echo DONE'

the database updates but the command doesn't execute. I've tried lots of
variations but no joy.

I ultimately want freshclam to run from CRON and execute a script that emails
me if the update fails. The script works fine, but freshclam doesn't execute
it.

No errors are returned.

version 0.68

Please help


Re: [Clamav-users] ScanStream errors

2004-03-16 Thread Krzysztof Snopek
Sorry, I forgot to add:
clamav version 0.67-1
Krzysztof Snopek




Re: [Clamav-users] sendmail does not use clamav ?!

2004-03-16 Thread Sergey
On Tuesday 16 March 2004 11:07, Andrei Bucur wrote:

 i add next lines in sendmail.mc:
 INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamd/clamd-milter.sock,F=,
 T=S:4m;R:4m')dnl
 define(`confINPUT_MAIL_FILTERS', `clmilter')

Please see 
ps awwx|grep clam

clamav-milter must be run with local:/var/clamd/clamd-milter.sock parameter.

-- 
Regards,
Sergey





Re: [Clamav-users] ScanStream errors

2004-03-16 Thread Alex S Moore
On Tue, 16 Mar 2004 09:29:57 +0100 (CET)
Krzysztof Snopek [EMAIL PROTECTED] wrote:

 After weeks of running clamd+clamav-milter without any problems
 (Solaris9 sparc, sendmail 8.12.10), today morning something wrong
 happened. Below are some lines from clamd.log :
 
 Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed.

After going back further in clamd.log, I am seeing exactly the same thing
on Solaris 9 sparc, sendmail 8.12.11 + milter.  It started yesterday
morning and I had to shut down clamav.

I ran a find for anything changed in the past 2 days, but found nothing of
significance.  Could a clam database change have caused this?  The database
was reloaded about 2 hours earlier.  My message volume is fairly low and it
could have taken 2 hours to start enough threads to reach the maximum. 
Once this problem starts, all sorts of bad things start occurring.

Thanks, Alex




Re: [Clamav-users] Problem in install ClamAV

2004-03-16 Thread Fajar A. Nugraha
Paul Constable wrote:

My apologies, for not furnishing more detail.

I obtained a tarball and built from source.

 

Good :)

I have all pieces in place that you mention, but when trying to stimulate the 
daemon by a script i.e clamctl I get a complaint that it cannot parse the 
conf.file.

 

Where does clamctl come from? That file doesn't exist in devel (CVS) version.
You probably should edit that script to modify file locations. I recommend you
look at init script called clamd on contrib/init/RedHat and contrib/init/SuSE
directories of the source package. Use it. I tested the RedHat init and it works fine.

When typing just 'clamd' on the commandline either as myself or as root, I get 
no response whatsoever.

 

There shouldn't be any. You will get the response on syslog or on your clamd log file.
As I said earlier, you should add a LogFile line on clamav.conf, start clamd,
and look at the content of that file

Regards,

Fajar





Re: [Clamav-users] Freshclam on update problem

2004-03-16 Thread Fajar A. Nugraha
Mike Fish wrote:

When I enter
 
freshclam --on-update-execute='echo DONE'
 
the database updates but the command doesn't execute. I've tried lots 
of variations but no joy.
I think on update means if freshclam successfully downloads an update
Which means it won't execute the command if your database is already up 
to date.


[EMAIL PROTECTED] /]# freshclam --on-update-execute=echo DONE
ClamAV update process started at Tue Mar 16 20:03:47 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 187, sigs: 389, f-level: 1, builder: diego)

[EMAIL PROTECTED] /]# rm /usr/local/share/clamav/*.cvd
[EMAIL PROTECTED] /]# freshclam --on-update-execute=echo DONE
ClamAV update process started at Tue Mar 16 20:04:30 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 187, sigs: 389, f-level: 1, builder: diego)
Database updated (20483 signatures) from clamav.antispam.or.id (202.134.0.71).
Clamd successfully notified about the update.
DONE

[EMAIL PROTECTED] /]# freshclam -V
freshclam / ClamAV version devel-20040316
=

Regards,

Fajar



Re: [Clamav-users] FreeBSD and log rotation

2004-03-16 Thread Bart Silverstrim
On Mar 16, 2004, at 12:55 AM, Odhiambo Washington wrote:
 I have seen some people on the list say that clamd will stop working
if the maximum logfile size is hit?
Well, that was discussed, but they also gave solutions with the use of
logrotate.
I was hoping not to add another rotation system to FreeBSD unless it 
was really the only way to do it; my understanding was that FreeBSD 
prefers to have newsyslog handle the rotation of logs.  Also it seemed 
as if some people had the problem of it stopping but others didn't; I 
didn't find a definitive if you run version X this happens, if you run 
version Y this happens instead... type of response and there were 
simply too many posts to sort through to get the summary extracted of 
the problem so I thought I'd just ask now that I hoped the dust had 
settled :-)


Is there anyone using newsyslog to rotate the logs for clamd, and if 
so
what is  your conf file line to do it?
BTW, there are new versions on the website, so go for them. There is an
entry in the Changelog from the CVS checkout I just did a few minutes
ago:
snip
And this is only set up on the CVS version, the sighup support, correct?

I wonder when that will make its way into the ports.  I rely primarily 
on the portupgrades procedure to keep things in sync with updates; if 
we have too many things fragmented (whose network isn't if you have 
more than five users? :-) then updates get overlooked or fixing systems 
can get complicated. :-/


PS: I use daemontools to monitor clamd, and I use other methods to
rotate my log file, so don't blame me if the above approach makes
your box to go up in flames ;)
Shoot, no fire suppression in the server room either...this sucks.





Re: [Clamav-users] ScanStream errors

2004-03-16 Thread Fajar A. Nugraha
Krzysztof Snopek wrote:

Tue Mar 16 04:01:00 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 04:02:27 2004 - ERROR: ScanStream: Can't create temporary
file.
 

[snip]

Could someone guess what happened?

 

was your /tmp full ?

By default, Solaris stores /tmp on system memory (and swap) as tmpfs.
It has size limit AND number of files limit. Even if  'df -k' shows that
/tmp is still empty, sometimes you're unable to create any file on /tmp
if there are too many files there (depends on amount of
physical system memory).
Rebooting will clean /tmp entirely.

You could try moving /tmp elsewhere (e.g to a physical disk).
Regards,
Fajar
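
A monitoring probe for the condition described in this reply, added here as an example and not taken from ClamAV: it checks free space and free file slots on the temp filesystem and then tries to create a file, since free space alone does not prove a file can be created. The function name, thresholds and probe prefix are assumptions.

```python
import os
import tempfile


def tmp_health(path="/tmp", min_free_bytes=64 * 1024 * 1024, min_free_files=1000):
    """Return a list of problems that would stop a scanner from creating
    temporary files in `path`; an empty list means the probe passed."""
    problems = []
    try:
        st = os.statvfs(path)
    except OSError as exc:
        return [f"statvfs failed: {exc.strerror or exc}"]

    free_bytes = st.f_bavail * st.f_frsize
    if free_bytes < min_free_bytes:
        problems.append(f"low space: {free_bytes} bytes free")

    # f_files == 0 means the filesystem reports no file-count limit.
    if st.f_files and st.f_favail < min_free_files:
        problems.append(f"low file slots: {st.f_favail} of {st.f_files} free")

    # Decisive check: can a file be created and written right now?
    try:
        with tempfile.NamedTemporaryFile(dir=path, prefix="clamd-probe-") as fh:
            fh.write(b"probe")
            fh.flush()
    except OSError as exc:
        problems.append(f"create failed: {exc.strerror or exc}")
    return problems


if __name__ == "__main__":
    for line in tmp_health() or ["ok"]:
        print(line)
```

Run it as the same user as clamd against the directory clamd uses for temporary files, and alert on any non-empty result before the MTA starts tempfailing mail.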



Re: [Clamav-users] Freshclam on update problem

2004-03-16 Thread Kritof Petr
Mike Fish wrote:

When I enter
 
freshclam --on-update-execute='echo DONE'
 
the database updates but the command doesn't execute. I've tried lots 
of variations but no joy.
 
I ultimately want freshclam to run from CRON and execute a script that 
emails me if the update fails. The script works fine, but freshclam 
doesn't execute it.
 
What about to use absolute paths as /bin/echo ?

Petr





[Clamav-users] mbox archives vs. individual posts

2004-03-16 Thread Florian-Daniel Otel

[I've e-mailed this few days ago from a non-subscribed address and the
only thing I've got was  pending moderator approval. Sorry if you
receive this in duplicate]


Hello all,


I remember seeing this problem before in a past thread (I cannot
re-locate it atm) but there was  no solution, so here it comes again:

When using clamscan --mbox on a mail archive in mbox format, it does
not detect the virus, in particular Worm.SomeFool.Gen-1  (aka
Netsky.D). But if I save that particular mail in a file of its own,
clamscan correctly detects the virus.

I am aware that clamscan should be pipe-ed from MTA or whatnot, but
IMHO this should work properly on mbox _archives_ too...

Any idea how to fix this ? Any workaround (e.g. wrapping shell,
de-MIME-fying tool/script)?  

I'm running  ClamAV version 0.67+CVS20040305, as per Debian unstable
0.67-7 package version.

TIA,

Florian





[Clamav-users] A lot of open network connections

2004-03-16 Thread Mikolaj Rydzewski
Hello,

I'm using clamav version 0.67 and clamav-milter version 0.66n on FreeBSD
5.2.1. I have noticed a lot of open (and maybe unused) clamav's network
connections. For example:

clamav   clamav-mil 47720 1   stream /var/run/clamav/milter.sock
clamav   clamav-mil 47720 2   stream (not connected)
clamav   clamav-mil 47720 5   stream /var/run/clamav/milter.sock
clamav   clamav-mil 47720 6   stream (not connected)
clamav   clamav-mil 47720 10  stream (not connected)
clamav   clamd      13262 4   stream /var/run/clamav/clamd.sock
clamav   clamd      13262 8   tcp4   *:56359          *:*
clamav   clamd      13262 11  tcp4   *:46278          *:*
clamav   clamd      13262 12  tcp4   127.0.0.1:46278  127.0.0.1:53379
clamav   clamd      13262 14  tcp4   *:10717          *:*
clamav   clamd      13262 21  tcp4   *:8898           *:*
clamav   clamd      13262 22  tcp4   127.0.0.1:8898   127.0.0.1:52912
clamav   clamd      13262 24  tcp4   *:56565          *:*
clamav   clamd      13262 27  tcp4   *:3810           *:*
clamav   clamd      13262 271 tcp4   127.0.0.1:37125  127.0.0.1:56628
clamav   clamd      13262 272 tcp4   *:19916          *:*

There are 366 connections of the form:
clamav   clamd      13262 272 tcp4   *:19916          *:*

These are open ports and scanning my machine with nmap shows them open!
Is there any serious reason for clamav to open such ports and keep them
open for such a long time?

Regards

--
Mikolaj Rydzewski






Re: [Clamav-users] ScanStream errors

2004-03-16 Thread Krzysztof Snopek
On Tue, 16 Mar 2004, Alex S Moore wrote:

> After going back further in clamd.log, I am seeing exactly the same thing
> on Solaris 9 sparc, sendmail 8.12.11 + milter.  It started yesterday
> morning and I had to shut down clamav.
>
> I ran a find for anything changed in the past 2 days, but found nothing of
> significance.  Could a clam database change have caused this?  The database
> was reloaded about 2 hours earlier.  My message volume is fairly low and it

Looks like possible cause... looking in my log:

Tue Mar 16 01:00:28 2004 - Reading databases from /usr/local/share/clamav
Tue Mar 16 01:00:30 2004 - Database correctly reloaded (20482 viruses)
Tue Mar 16 01:18:38 2004 - Session 0 stopped due to timeout.
Tue Mar 16 01:46:22 2004 - Session 1 stopped due to timeout.
Tue Mar 16 02:00:57 2004 - SelfCheck: Database status OK.
Tue Mar 16 02:13:24 2004 - Session 1 stopped due to timeout.
Tue Mar 16 02:41:16 2004 - Session 0 stopped due to timeout.
Tue Mar 16 03:01:25 2004 - SelfCheck: Database status OK.
Tue Mar 16 03:08:18 2004 - Session 0 stopped due to timeout.
Tue Mar 16 03:35:01 2004 - Session 0 stopped due to timeout.
Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed.
Tue Mar 16 03:57:47 2004 - ERROR: ScanStream: accept() failed.
and then the whole troubles like in my previous letter.
The log above is complete, nothing has been cut. There was no mail
except for those timeouts, and when after 3 h from database reloading
new mail arrived, it went the wrong way.

Krzysztof Snopek




[Clamav-users] clamd devel-20040316 - Hang on DB reload

2004-03-16 Thread Robert Blayzor
Using clamd snapshot 20040316 on FreeBSD 4.9

Still having problems when clamd reloads the virus definitions.  I've moved
the DB to local disk from NFS, and still see the same problem.  We have
several servers that all randomly run into this problem.  It seems to hold
up all the threads and take a REALLY long time..

Mar 16 10:01:41 mx0-b clamd[83930]: No stats for Database check - forcing reload
Mar 16 10:01:41 mx0-b clamd[83930]: Reading databases from /usr/local/share/clamav
Mar 16 10:09:29 mx0-b clamd[83930]: Database correctly reloaded (20482 viruses)


Almost eight minutes in some cases.  It does not appear to be a server
resource issue as when I checked the IO history, swap, CPU load, all were
way below normal, ie: 5-10% utilization.

Anyone else seeing this problem?

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5  0E93 8D02 9D0B CB1A A7B0

Calculating in binary code is as easy as 01,10,11.






[Clamav-users] Freshclam died

2004-03-16 Thread Jim Maul
I am running 0.67-1 from RPM on redhat 9.

I used to run freshclam from cron but since the daemonized 0.67 freshclam
was released I have been using it that way to reduce load on freshclam
servers.  Anyway, this morning I noticed that freshclam wasn't running.
Checking my freshclam.log shows

--
ClamAV update process started at Sun Mar  7 17:31:59 2004
ERROR: Maximal time (1200 seconds) reached.

And that was it.  There hasn't been another entry since and freshclam quit
after it.  I suppose it is acceptable that due to network issues, freshclam
may be unable to update the database, but it definitely should not die
because of it.

Restarting freshclam (service freshclam start) works fine again but does
anyone know why it died to begin with?  I may just go back to the cron
version to prevent this in the future.

Thanks

Jim Maul
Eastern Long Island Hospital
631-477-5417





[Clamav-users] Encrypted RAR Signature

2004-03-16 Thread Chris Meadors

 Submission: 2005
 Sender: Fisher
 Submitted virus name: Unknown Virus
 Virus name: Worm.Bagle.Gen-rarpwd
 Notes: Signature added through daily.cvd version 187 to 
 Notes: detect password protected RAR files.
 Added: No 

Is this signature in effect for all scans, or only those with the
ArchiveDetectEncrypted option set?

-- 
Chris





Re: [Clamav-users] ScanStream errors

2004-03-16 Thread Bugs

I saw the same thing after I downloaded the new binaries for
our Tru64 server.

I did some testing and found that when I used the previous
clamdscan binary, everything worked again. It even picks up
viruses that were missed before, and caught by our banned
extensions recipe.
So I am using all the new binaries and libraries except for
clamdscan.
Bugs


On Tue, 16 Mar 2004, Alex S Moore wrote:

-On Tue, 16 Mar 2004 09:29:57 +0100 (CET)
-Krzysztof Snopek [EMAIL PROTECTED] wrote:
-
- After weeks of running clamd+clamav-milter without any problems
- (Solaris9 sparc, sendmail 8.12.10), today morning something wrong
- happened. Below are some lines from clamd.log :
-
- Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed.
-
-After going back further in clamd.log, I am seeing exactly the same thing
-on Solaris 9 sparc, sendmail 8.12.11 + milter.  It started yesterday
-morning and I had to shut down clamav.
-
-I ran a find for anything changed in the past 2 days, but found nothing of
-significance.  Could a clam database change have caused this?  The database
-was reloaded about 2 hours earlier.  My message volume is fairly low and it
-could have taken 2 hours to start enough threads to reach the maximum.
-Once this problem starts, all sorts of bad things start occurring.
-
-Thanks, Alex
-
-



Bugs Brouillard Unix system administrator
Humboldt State Univ.Information Technology Services
Arcata, Calif.

email [EMAIL PROTECTED]




[Clamav-users] Glibc and different versions of clam

2004-03-16 Thread Scott Harris
A while back I was in the process of upgrading my system to
the new glibc and had to revert back. This left some libraries
etc around and the end result is I have trouble compiling clamav.

I can compile clamscan (0.70 rc) just fine, but I'm stuck on an old
version of freshclam (0.65). Until I can fix all the libraries, is it
ok to run an old version of freshclam?

Thanks,

Scott


Re: [Clamav-users] ScanStream errors

2004-03-16 Thread Alex S Moore
On Tue, 16 Mar 2004 16:51:44 +0100 (CET)
Krzysztof Snopek [EMAIL PROTECTED] wrote:

> The log above is complete, nothing has been cut. There was no mail
> except for those timeouts, and when after 3 h from database reloading
> new mail arrived, it went the wrong way.

Are you using GNU compiler and make?  I found that my problems started with
clamav code changes somewhere this month.  I have been using Sun's compiler
and make tools for several months without a major problem.  A code change
this month appears to have stopped my ability to use Sun's devel tools.

I think the problem is fixed for me, but time will tell.  I switched to GNU
compiler and make.

Note that this still could be a problem with my server.

Alex




[Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist

2004-03-16 Thread Edward W. Ray
 ClamAV will no longer start.  The following is from my /var/log/messages:

Mar 16 10:08:17 ns2 clamd: clamd shutdown failed
Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom.
Mar 16 10:08:17 ns2 last message repeated 189 times
Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can'
Mar 16 10:08:17 ns2 clamd: t open /dev/urandom.
Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom.
Mar 16 10:08:18 ns2 last message repeated 286 times
Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can'
Mar 16 10:08:18 ns2 clamd: t open /dev/urandom.
Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom.
Mar 16 10:08:18 ns2 last message repeated 189 times
Mar 16 10:08:18 ns2 clamd: L
Mar 16 10:08:18 ns2 clamd: ibClamAV Error: !Can't open /dev/urandom.
Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom.
Mar 16 10:08:18 ns2 last message repeated 188 times
Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't
Mar 16 10:08:18 ns2 clamd:  open /dev/urandom.
Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom.
Mar 16 10:08:18 ns2 last message repeated 3 times
Mar 16 10:08:18 ns2 clamd: clamd startup failed

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fajar A.
Nugraha
Sent: Monday, March 15, 2004 6:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] LibClamAV Error: !Can't open /dev/urandom.

Edward W. Ray wrote:

> Sorry, thought it was in the e-mail.
>
> RH 9 Linux system running clamav v0.67
>
> [EMAIL PROTECTED] root]# ls -l /dev/urandom
> crwxr-xr-x 1 root root   1,   9 Mar  9 17:22 /dev/urandom

  

I can't say much about 0.67, but I know that I'm running the latest CVS
snapshot version on Fedora Core 1 and it works great.
Try RPM packages. If that doesn't work, try
http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz.
Many problems were fixed in CVS. Perhaps this is one of them.

In case it matters (which it shouldn't), my /dev/urandom is
crw-r--r-- 1 root root   1,   9 Mar 15 16:48 /dev/urandom

Regards,

Fajar







Re: [Clamav-users] RE: Nbr of signatures

2004-03-16 Thread Antony Stone
On Tuesday 16 March 2004 5:53 pm, Alex S Moore wrote:

> Has the number of virus signatures increased significantly lately?  I
> thought there were around 21,000 but now I have this msg in clamd.log.
>
> Tue Mar 16 11:45:22 2004 - Protecting against 40969 viruses.

You have two copies of the database on your system - probably both old (*.db?) 
and new (*.cvd) files in the same directory.

Regards,

Antony.

-- 
I don't know, maybe if we all waited then cosmic rays would write all our 
software for us. Of course it might take a while.

 - Ron Minnich, Los Alamos National Laboratory

 Please reply to the list;
   please don't CC me.





[Clamav-users] Troubles with recent clamav's

2004-03-16 Thread turgut kalfaoglu
I am running clamav under SunOS 5.8.  Ever since version 0.67 (or so, I 
am not checking them regularly) , I have been unable to leave ClamAV 
running. It does run, but after some minutes, it stops processing 
emails. It is still running, in fact, it uses up to 85% of the CPU(!), 
but no email goes thru. Did anyone else experience this problem?

I am even trying the nightly snapshots, and the patches suggested on 
this list like the /dev/urandom patch, but no luck so far..  -turgut





Re: [Clamav-users] RE: Nbr of signatures

2004-03-16 Thread Mike Cathey
On Tue, 2004-03-16 at 12:53, Alex S Moore wrote:
> Tue Mar 16 11:45:22 2004 - Protecting against 40969 viruses.

It sounds like you have viruses.db* in /var/lib/clamav (or wherever you
have your db files) along with the CVDs.  Try deleting the *db* files
and see what that does.

You should only have main.cvd and daily.cvd.

Cheers,

Mike





Re: [Clamav-users] RE: Nbr of signatures

2004-03-16 Thread Kevin Spicer
On Tue, 2004-03-16 at 17:53, Alex S Moore wrote:
> Has the number of virus signatures increased significantly lately?  I
> thought there were around 21,000 but now I have this msg in clamd.log.
>
> Tue Mar 16 11:45:22 2004 - Protecting against 40969 viruses.
 
Maybe you have both old and new style databases in place - suggest you
delete the old ones.




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000






Re: [Clamav-users] Troubles with recent clamav's

2004-03-16 Thread Everton da Silva Marques
On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote:
> I am running clamav under SunOS 5.8.  Ever since version 0.67 (or so, I
> am not checking them regularly) , I have been unable to leave ClamAV
> running. It does run, but after some minutes, it stops processing
> emails. It is still running, in fact, it uses up to 85% of the CPU(!),
> but no email goes thru. Did anyone else experience this problem?

Yes.

I have posted a similar issue here:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html

Doug Hardie is tracking a similar issue:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg06907.html

Do you have ScanMail enabled? It seems ScanMail
renders clamd really unstable.

I haven't found a final fix other than to watch clamd.
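
A liveness probe for the hang discussed in this thread, where clamd is still running but no longer answers, so a check that only looks for the process would miss it. This is an added example, not code from the post or from ClamAV; it assumes clamd answers its PING command with PONG on the local socket, and the function names, timeouts and the socketpair test double are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0  /* where it is missing, ignore SIGPIPE in the caller */
#endif

enum { CLAMD_ALIVE = 0, CLAMD_TIMEOUT = 1, CLAMD_BAD_REPLY = 2, CLAMD_IO_ERROR = 3 };

/* Send PING on a connected socket; wait at most timeout_ms per read for PONG. */
static int ping_fd(int fd, int timeout_ms)
{
    static const char cmd[] = "PING\n";
    char reply[16];
    size_t got = 0;
    struct pollfd p;

    if (send(fd, cmd, sizeof cmd - 1, MSG_NOSIGNAL) != (ssize_t)(sizeof cmd - 1))
        return CLAMD_IO_ERROR;
    p.fd = fd;
    p.events = POLLIN;
    while (got < sizeof reply - 1 && !memchr(reply, '\n', got)) {
        int r = poll(&p, 1, timeout_ms);
        ssize_t n;

        if (r == 0)
            return CLAMD_TIMEOUT;       /* connected but silent: the hang case */
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return CLAMD_IO_ERROR;
        }
        n = read(fd, reply + got, sizeof reply - 1 - got);
        if (n < 0 && (errno == EINTR || errno == EAGAIN))
            continue;
        if (n < 0)
            return CLAMD_IO_ERROR;
        if (n == 0)
            break;                      /* peer closed before a full line */
        got += (size_t)n;
    }
    reply[got] = '\0';
    return strncmp(reply, "PONG", 4) == 0 ? CLAMD_ALIVE : CLAMD_BAD_REPLY;
}

/* Connect to clamd's UNIX socket without ever blocking the watchdog itself. */
static int ping_unix(const char *path, int timeout_ms)
{
    struct sockaddr_un sa;
    int fd, rc;

    if (strlen(path) >= sizeof sa.sun_path)
        return CLAMD_IO_ERROR;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return CLAMD_IO_ERROR;
    /* Non-blocking connect: on Linux a daemon that has stopped accepting
       yields EAGAIN once its backlog is full, which counts as a timeout. */
    fcntl(fd, F_SETFL, O_NONBLOCK);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0)
        rc = (errno == EAGAIN) ? CLAMD_TIMEOUT : CLAMD_IO_ERROR;
    else
        rc = ping_fd(fd, timeout_ms);
    close(fd);
    return rc;
}

/* Test double: a socketpair peer that pre-queues `canned`, or stays silent
   when `canned` is NULL (a constructed stand-in for a hung daemon). */
static int simulate_peer(const char *canned)
{
    int sv[2], rc;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return CLAMD_IO_ERROR;
    if (canned && write(sv[1], canned, strlen(canned)) < 0)
        rc = CLAMD_IO_ERROR;
    else
        rc = ping_fd(sv[0], 200);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(int argc, char **argv)
{
    /* Default path is the clamd socket shown elsewhere on this page. */
    const char *path = argc > 1 ? argv[1] : "/var/run/clamav/clamd.sock";
    int rc = ping_unix(path, 5000);

    printf("self-test, silent peer: %d (expect %d)\n",
           simulate_peer(NULL), CLAMD_TIMEOUT);
    printf("%s: %s\n", path, rc == CLAMD_ALIVE ? "alive" : "not answering");
    return rc;  /* non-zero exit lets cron or a supervisor restart clamd */
}
```

The timeout applies to each read rather than to the whole exchange, so the worst case is a small multiple of `timeout_ms`.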





Re: [Clamav-users] Freshclam died

2004-03-16 Thread Tomasz Kojm
On Tue, 16 Mar 2004 11:28:53 -0500
Jim Maul [EMAIL PROTECTED] wrote:

> I am running 0.67-1 from RPM on redhat 9.
>
> I used to run freshclam from cron but since the daemonized 0.67
> freshclam was released I have been using it that way to reduce load on
> freshclam servers.  Anyway, this morning I noticed that freshclam
> wasn't running. Checking my freshclam.log shows
>
> --
> ClamAV update process started at Sun Mar  7 17:31:59 2004
> ERROR: Maximal time (1200 seconds) reached.
>
> And that was it.  There hasn't been another entry since and freshclam
> quit after it.  I suppose it is acceptable that due to network
> issues, freshclam may be unable to update the database, but it
> definitely should not die because of it.

We are aware of it and that should be fixed in the final 0.70 version.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 16 21:02:26 CET 2004




Re: [Clamav-users] A lot of open network connections

2004-03-16 Thread Tomasz Kojm
On Tue, 16 Mar 2004 15:48:00 +0100
Mikolaj Rydzewski [EMAIL PROTECTED] wrote:

> Hello,
>
> I'm using clamav version 0.67 and clamav-milter version 0.66n on

0.67 is obsolete, better install 0.70-rc or 0.68-1

> FreeBSD 5.2.1. I have noticed a lot of open (and maybe unused)
> clamav's network connections. For example:

As a workaround you can switch clamav-milter to local mode (local
sockets) with --quarantine-dir.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 16 21:06:52 CET 2004




[Clamav-users] inverse of adding custom filters?

2004-03-16 Thread Damian Menscher
Not that I currently have a use for this, but the idea of false
positives scares me.  I know if I find a virus that's not included in
the .cvd I can create my own .db with a signature.  But what if I find a
signature that blocks non-virus mail?  Is there anything that can be
done locally?

About all I can think of would be to unpack the .cvd to a .db and then
remove the offending lines.  But I'm wondering if there's a method that
would survive the freshclam updates.

Damian Menscher
-- 
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers: |#=-
-=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=-




RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files

2004-03-16 Thread Lynn Duerksen
 
> Fajar A. Nugraha wrote:
>
> > Helmut Schneider wrote:
> >
> > > seems that the clamav Port (0.67-1) has problems with RAR Files (e.g.
> > > Bagle.N):
> > >
> > > To avoid misunderstandings, I know the file is pwd, but clamav does
> > > not recognize the virus within the archive (maybe a DB problem)...
> >
> > Sometimes the signatures were created using the complete mail, so
> > clamscan won't recognize the attachment alone but it will recognize
> > the complete mail.
> >
> > If you use clamscan, you can work around RAR errors using
> > --unrar[=FULLPATH]   Enable support for .rar files
> >
> > But since the RARs are password-protected, it's useless.
> > My suggestion is try feeding the complete virus mail to clamscan
> > (instead of just the attachment), and see if it works.
>
> That's the point, if clamav would have detected the virus in
> the original mail I wouldn't have posted here... :)
 


I am experiencing similar problems on my OpenBSD 3.4 box and was
wondering if there has been any resolution on this issue.

I have an OpenBSD 3.3 stable box running in parallel with the OpenBSD
3.4 box that has caught the Worm.Bagle.Gen-rarpwd.

3.3 box running amavisd-new-20030616-p2 
patched to allow scanning of full message
clamav-0.67-1
unrar-2.50

3.4 box running amavisd-new-20030616-p8
/etc/amavisd.conf settings
$keep_decoded_original_re = new_RE(
  qr'^MAIL$',   # retain full original message for virus checking
);
clamav-0.67-1
unrar-3.20beta3

Don't know if any of this information helps but only solution I have
right now is to ban all .rar files on the 3.4 box.

Thanks

L. A. Duerksen






Re: [Clamav-users] Problem in install ClamAV

2004-03-16 Thread Paul Constable
Cheers my man that is now working with some modifications.
I at first got the following message:- 
'which: no clamd in (/usr/local/bin:/bin://usr/bin:/usr/X11R6/bin)'
This I remedied by moving into the first location.  My question is where does 
this path come from as it is not in any of the conf files, presumably PATH ?

The script clamctl came from a Debian based document, the only information I 
could get that gave pointers for idiots like me..


If you could put me right on the last questions I will be eternally grateful.

Once again thanks, and power to 'open source' it always delivers, including 
the community.

Paul
On Tuesday 16 March 2004 12:42, Fajar A. Nugraha wrote:
> Paul Constable wrote:
> > My apologies, for not furnishing more detail.
> >
> > I obtained a tarball and built from source.
>
> Good :)
>
> > I have all pieces in place that you mention, but when trying to stimulate
> > the daemon by a script i.e clamctl I get a complaint that it cannot
> > parse the conf.file.
>
> Where does clamctl come from? That file doesn't exist in devel (CVS)
> version.
> You probably should edit that script to modify file locations. I
> recommend you look at init script called clamd on contrib/init/RedHat and
> contrib/init/SuSE directories of the source package. Use it. I tested the
> RedHat init and it works fine.
>
> > When typing just 'clamd' on the commandline either as myself or as root, I
> > get no response whatsoever.
>
> There shouldn't be any. You will get the response on syslog or on your
> clamd log file.
> As I said earlier, you should add a LogFile line on clamav.conf, start
> clamd, and look at the content of that file
>
> Regards,
>
> Fajar








[Clamav-users] [OT] UDP to port 1828 like crazy

2004-03-16 Thread Michael St. Laurent
I'm seeing tons of network activity all UDP traffic to port 1828.  Is this
an indication of a virus?

-- 
Michael St. Laurent
Hartwell Corporation




Re: [Clamav-users] clamd devel-20040316 - Hang on DB reload

2004-03-16 Thread Robert Blayzor
On 3/16/04 10:53 AM, Robert Blayzor [EMAIL PROTECTED] wrote:

More on this...

> Using clamd snapshot 20040316 on FreeBSD 4.9
>
> Still having problems when clamd reloads the virus definitions.  I've moved
> the DB to local disk from NFS, and still see the same problem.  We have
> several servers that all randomly run into this problem.  It seems to hold
> up all the threads and take a REALLY long time..
>
> Mar 16 10:01:41 mx0-b clamd[83930]: No stats for Database check - forcing reload
> Mar 16 10:01:41 mx0-b clamd[83930]: Reading databases from /usr/local/share/clamav
> Mar 16 10:09:29 mx0-b clamd[83930]: Database correctly reloaded (20482 viruses)

I caught clamd reloading the database.  When it does, clamd takes up a TON
of resources while it reloads.

  PID USERNAME PRI NICE   SIZE    RES STATE  C   TIME   WCPU    CPU COMMAND
28362 root      63    0 21840K 20548K CPU0   1  20:57 99.02% 99.02% clamd


It eventually continues...

Mar 16 16:46:34 mx0-a clamd[28362]: No stats for Database check - forcing reload
Mar 16 16:50:44 mx0-a clamd[28362]: Reading databases from /usr/local/share/clamav
Mar 16 16:50:45 mx0-a clamd[28362]: Database correctly reloaded (20486 viruses)


I'm also having a problem with random clamdscan's hanging immediately when
they connect to clamd.  They just hang around until the mail server thinks
they are dead and kills them.

I was using a UNIX socket, then switched to a TCP socket, and still have the
same problem.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5  0E93 8D02 9D0B CB1A A7B0

Beware of programmers who carry screwdrivers.  - Leonard Brandwein






Re: [Clamav-users] Freshclam died

2004-03-16 Thread Lucas Albers
This is a hack, but I run monit on my servers to restart failed services.
Works well, it's a hack but it sure jacks my perceived uptime.

Tomasz Kojm said:
> And that was it.  There hasn't been another entry since and freshclam
> quit after it.  I suppose it is acceptable that due to network
> issues, freshclam may be unable to update the database, but it
> definitely should not die because of it.

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana





Re: [Clamav-users] Freshclam died

2004-03-16 Thread Steven P. Donegan
Lucas Albers wrote:

> This is a hack, but I run monit on my servers to restart failed services.
> Works well, it's a hack but it sure jacks my perceived uptime.
>
> Tomasz Kojm said:
> > And that was it.  There hasn't been another entry since and freshclam
> > quit after it.  I suppose it is acceptable that due to network
> > issues, freshclam may be unable to update the database, but it
> > definitely should not die because of it.

Hmmm, I just do a freshclam from cron rather than let it run as a
daemon - as a new user (I just downloaded, installed, integrated with my
anti-spam/anti-virus proxy - home built, today). Is doing this in any
way a negative thing?





Re: [Clamav-users] Troubles with recent clamav's

2004-03-16 Thread Doug Hardie
On Mar 16, 2004, at 11:48, Everton da Silva Marques wrote:

On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote:
I am running clamav under SunOS 5.8.  Ever since version 0.67 (or so,  
I
am not checking them regularly) , I have been unable to leave ClamAV
running. It does run, but after some minutes, it stops processing
emails. It is still running, in fact, it uses up to 85% of the CPU(!),
but no email goes thru. Did anyone else experience this problem?
Yes.

I have posted a similar issue here:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html

Doug Hardie is tracking a similar issue:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg06907.html

The problem I encountered has now been identified and I have a working  
clamd that does not hang.  I compiled it two different ways and both  
worked.  The problem was /dev/urandom returning either a -1 or a 0.   
Either of those will cause others.c to hang as it does not test for  
that condition.  One approach was to put in a trivial test for it and  
exit from the loop.  The other was to remove the define for C_URANDOM  
in the .h file.  Both of those approaches worked in my testing.  Since  
I couldn't easily determine if the first would have some side effects  
if it didn't return enough random bits, I have gone with the second  
approach.  My production server has been running for slightly over 6  
hours now and no problems have been seen.

In case it might help someone else, the approach I used to find the  
problem was to use a test system and pass a large number of directories  
(The FreeBSD source code) to clamdscan and let it beat clamd up for  
about 5 minutes.  Then I let it finish what it could and return to its  
idle state.  At that point it was using all the available CPU time.   
I entered it via gdb and let it single step around awhile to find out  
where it really was and what was going on.  Ktrace was not helpful as  
it kept showing a poll with a time period of 0.  Apparently the poll is  
in the read code.  A messy way to test, but it worked.
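
The failure mode described in this post, as an added example that is not part of the original message and not ClamAV's code: a read loop that handles only a positive count spins forever when the source returns 0 or -1, while a checked loop stops. The function names, the stub sources and the `max_spins` guard are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same shape as read(2), so a failing source can be substituted. */
typedef ssize_t (*read_fn)(int fd, void *buf, size_t len);

/* Constructed sources: end-of-file, hard error, one byte per call. */
static ssize_t stub_eof(int fd, void *b, size_t n) { (void)fd; (void)b; (void)n; return 0; }
static ssize_t stub_err(int fd, void *b, size_t n) { (void)fd; (void)b; (void)n; errno = EIO; return -1; }
static ssize_t stub_short(int fd, void *b, size_t n) { (void)fd; (void)n; *(unsigned char *)b = 0xA5; return 1; }

/* Unchecked pattern (constructed, not the code in others.c): only a positive
 * count is handled, so a 0 or -1 makes the loop try again forever. max_spins
 * exists only so the demonstration ends; -2 means the cap was reached. */
int naive_fill(read_fn rd, int fd, unsigned char *buf, size_t len, long max_spins)
{
    size_t got = 0;
    long spins = 0;
    while (got < len) {
        ssize_t n = rd(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        if (++spins >= max_spins) return -2;
    }
    return 0;
}

/* Checked loop: accumulate short reads, retry EINTR, stop on 0 or -1. */
int fill_random(read_fn rd, int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = rd(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n == -1 && errno == EINTR)
            continue;
        else
            return -1;   /* EOF or error: report it instead of looping */
    }
    return 0;
}

/* The checked loop applied to the real device. */
int random_bytes(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd == -1) return -1;
    int rc = fill_random(read, fd, buf, len);
    close(fd);
    return rc;
}

int main(void)
{
    unsigned char buf[16];
    printf("EOF source: naive=%d checked=%d\n", naive_fill(stub_eof, -1, buf, sizeof buf, 1000), fill_random(stub_eof, -1, buf, sizeof buf));
    printf("checked: error=%d short reads=%d\n", fill_random(stub_err, -1, buf, sizeof buf), fill_random(stub_short, -1, buf, sizeof buf));
    printf("/dev/urandom: %d\n", random_bytes(buf, sizeof buf));
    return 0;
}
```

A caller that receives -1 has no random bytes in the buffer and has to treat that as a failure of its own.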





Re: [Clamav-users] Freshclam died

2004-03-16 Thread Chris Meadors
Steven P. Donegan wrote:

Hmmm, I just do a freshclam from cron rather than let it run as a 
daemon - as a new user (I just downloaded, installed, integrated with my 
anti-spam/anti-virus proxy - home built, today). Is doing this in any 
way a negative thing?

I don't think it hurts, and from the reports of freshclam dying, it 
might be better for now.  Just make sure you don't have your cron job 
running on the hour.  Too many people do that, and it really loads up 
the servers.  Pick a random number for the minutes after the hour.

I do run my freshclam with --daemon, and have it set to do 13 checks a 
day.  So it gets started at a random time when the server boots, and 
since 13 doesn't go into 24 evenly, it always checks on a different 
minute mark.  I guess eventually I'll hit the hour and then it will take 
over 6000 more updates to hit on the hour again.  :)



Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist

2004-03-16 Thread Fajar A. Nugraha
Edward W. Ray wrote:

ClamAV will no longer start.  The following is from my /var/log/messages:

 

How about compiling yourself from latest CVS snapshot?
http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz




Re: [Clamav-users] Freshclam died

2004-03-16 Thread Fajar A. Nugraha
Steven P. Donegan wrote:

Hmmm, I just do a freshclam from cron rather than let it run as a 
daemon - as a new user (I just downloaded, installed, integrated with 
my anti-spam/anti-virus proxy - home built, today). Is doing this in 
any way a negative thing?

Not if you set it to run on a random minute (e.g. not 0). If you set it up as

0 * * * * /usr/local/bin/freshclam

then you might be among those people who flood database mirrors during 
update checks :)

Better change the 0 to something random (e.g. 19, 34, etc).

Regards,

Fajar



Re: [Clamav-users] Troubles with recent clamav's

2004-03-16 Thread Fajar A. Nugraha
Doug Hardie wrote:

The problem I encountered has now been identified and I have a 
working  clamd that does not hang.  I compiled it two different ways 
and both  worked.  The problem was /dev/urandom returning either a -1 
or a 0.   Either of those will cause others.c to hang as it does not 
test for  that condition.  

Aaaah :) So that's why I never had those problems. My Solaris 8 simply 
doesn't have /dev/urandom, thus clamav was using software rand() instead :)
A quick hack would be using `./configure --disable-urandom`.
Has this test been incorporated in recent CVS snapshot yet?

Regards,

Fajar





Re: [Clamav-users] Glibc and different versions of clam

2004-03-16 Thread Fajar A. Nugraha
Scott Harris wrote:

A while back I was in the process of upgrading my system to
the new glibc and had to revert back.  This left some libraries
etc around and the end result is I have trouble compiling clamav.
I can compile clamscan (0.70 rc) just fine, but I'm stuck on old
version of freshclam (0.65).  Until I can fix all the libraries, it is
ok to run an old version of freshclam?

The temporary solution is to make sure that both freshclam
and clamd (any version) use the same database directory.
If you do that, the worst thing that can happen is freshclam downloads
old viruses.db* files instead of *.cvd, but clamd and clamscan
should be able to use it anyway.
Anyway, what could be so hard about deleting old clamav files?
The important ones are just
- libclamav.* (on /usr/lib/ or /usr/local/lib/)
- clamscan, clamdscan, sigtool, freshclam (on /usr/bin/ or /usr/local/bin/)
- clamd (on /usr/sbin/ or /usr/local/sbin/)
- clamav.conf (on /etc or /usr/local/etc)

Regards,

Fajar



Re: [Clamav-users] Freshclam died

2004-03-16 Thread Steven P. Donegan
Fajar A. Nugraha wrote:

Steven P. Donegan wrote:

Hmmm, I just do a freshclam from cron rather than let it run as a 
daemon - as a new user (I just downloaded, installed, integrated with 
my anti-spam/anti-virus proxy - home built, today). Is doing this in 
any way a negative thing?

Not if you set it to run on a random minute (e.g. not 0). If you set it 
up as

0 * * * * /usr/local/bin/freshclam

then you might be among those people who flood database mirrors 
during update checks :)

Better change the 0 to something random (e.g. 19, 34, etc).

Regards,

Fajar


Well, on general principles I do that anyway :-) But thanks for the 
response.



Re: [Clamav-users] Freshclam died

2004-03-16 Thread Steven P. Donegan
Chris Meadors wrote:

Steven P. Donegan wrote:

Hmmm, I just do a freshclam from cron rather than let it run as a 
daemon - as a new user (I just downloaded, installed, integrated with 
my anti-spam/anti-virus proxy - home built, today). Is doing this in 
any way a negative thing?


I don't think it hurts, and from the reports of freshclam dying, it 
might be better for now.  Just make sure you don't have your cron job 
running on the hour.  Too many people do that, and it really loads up 
the servers.  Pick a random number for the minutes after the hour.

I do run my freshclam with --daemon, and have it set to do 13 checks a 
day.  So it gets started at a random time when the server boots, and 
since 13 doesn't go into 24 evenly, it always checks on a different 
minute mark.  I guess eventually I'll hit the hour and then it will 
take over 6000 more updates to hit on the hour again.  :)


Well, being the geek from the 60's who counts CPU cycles and RAM usage I 
don't run any daemon I can avoid - silly of me in these days I guess - 
probably why I still code in C rather than C++/Java/Pick your 
way-too-much-inherited-stuff language :-)

At some point I'll look into the clam code itself and see if I can 
contribute anything - but at present I'm working on my own SMTP proxy 
with anti-spam/anti-virus/SPF support (the only 'email caller id' thing 
with usable code out there so far) etc. Right now that toy is killing 
90+ percent of the garbage email that comes in to the 20+ domains I host 
here. Small, but progress.



Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist

2004-03-16 Thread Fajar A. Nugraha
Fajar A. Nugraha wrote:


ClamAV will no longer start.  The following is from my 
/var/log/messages:

How about compiling yourself from latest CVS snapshot?
http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz
You might also want to try
./configure --disable-urandom during compiling


RE: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist

2004-03-16 Thread Edward W. Ray
Just not my day I guess.  On make in devel build:

cd ..  \
  /bin/sh /scsi2/tmp/clamav-devel-20040316/missing --run automake-1.6 --gnu
clamd/Makefile
aclocal.m4:4200: version mismatch.  This is Automake 1.6.3, but aclocal.m4
aclocal.m4:4200: was generated for Automake 1.6.1.  You should recreate
aclocal.m4:4200: aclocal.m4 with aclocal and run automake again.
make[1]: *** [Makefile.in] Error 1
make[1]: Leaving directory `/scsi2/tmp/clamav-devel-20040316/clamd'
make: *** [install-recursive] Error 1 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fajar A.
Nugraha
Sent: Tuesday, March 16, 2004 7:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV
Error: !Can't open /dev/urandom errors persist

Fajar A. Nugraha wrote:


 ClamAV will no longer start.  The following is from my
 /var/log/messages:

 How about compiling yourself from latest CVS snapshot?
 http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz

You might also want to try
./configure --disable-urandom during compiling







Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist

2004-03-16 Thread Fajar A. Nugraha
Edward W. Ray wrote:

Just not my day I guess.  On make in devel build:

cd ..  \
 /bin/sh /scsi2/tmp/clamav-devel-20040316/missing --run automake-1.6 --gnu
clamd/Makefile
aclocal.m4:4200: version mismatch.  This is Automake 1.6.3, but aclocal.m4
aclocal.m4:4200: was generated for Automake 1.6.1.  You should recreate
aclocal.m4:4200: aclocal.m4 with aclocal and run automake again.
make[1]: *** [Makefile.in] Error 1
make[1]: Leaving directory `/scsi2/tmp/clamav-devel-20040316/clamd'
make: *** [install-recursive] Error 1 

 

:)

This is a known resident problem on devel build. Sometimes it's there,
sometimes it's not.
The easiest work-around is to rename or remove (temporarily) 
/usr/bin/automake-1.6
to something else (e.g. /usr/bin/automake-1.6-old).
Then remove your build dir completely, untar from fresh source,
and re-run ./configure

With that trick, today's snapshot builds fine on Fedora Core 1
(http://clamav.or.id/snapshot/clamav-devel-latest.linux.tar.gz).
Some people said simply running aclocal, autoconf, and automake on your 
build dir works. I haven't tried that though.

Regards,

Fajar



Re: [Clamav-users] Troubles with recent clamav's

2004-03-16 Thread Turgut Kalfaoglu
Thank you Everton!

 I have amavisd-new with spamassassin, and clamd is the only virus scanner
I have on that system. Therefore, when amavisd starts, it automatically
starts using clamd. However, with all the new versions, I noticed that
clamd would start out fine, clean out some viruses for some 10-20 minutes,
and then do nothing else. Nothing else visible in clamd.log, it just uses
lots of CPU and does nothing, while amavisd keeps waiting forever.

 Yesterday, as a stopgap solution, I wrote a C program to monitor the last
change time of clamd.log, and if it has not been changed in the last 3
minutes, I kick clamd and restart it. Ugly solution, and it will probably
have problems with amavisd, so I await a proper fix. 

 -turgut



On Tue, 16 Mar 2004, Everton da Silva Marques wrote:

 On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote:
  I am running clamav under SunOS 5.8.  Ever since version 0.67 (or so, I 
  am not checking them regularly) , I have been unable to leave ClamAV 
  running. It does run, but after some minutes, it stops processing 
  emails. It is still running, in fact, it uses up to 85% of the CPU(!), 
  but no email goes thru. Did anyone else experience this problem?
 
 Yes.
 
 I have posted a similar issue here:
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html
 
 Doug Hardie is tracking a similar issue:
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg06907.html
 
 Do you have ScanMail enabled? It seems ScanMail
 renders clamd really unstable.
 
 I haven't found a final fix other than to watch clamd.
 
 
 
 

-
Turgut Kalfaoglu:  http://www.kalfaoglu.com
EgeNet Internet Services: http://www.egenet.com.tr






Re: [Clamav-users] Troubles with recent clamav's

2004-03-16 Thread Turgut Kalfaoglu

I believe this is a different problem than mine - my SunOS does not have
/dev/urandom either..  -turgut


On Wed, 17 Mar 2004, Fajar A. Nugraha wrote:

 Doug Hardie wrote:
 
 
  The problem I encountered has now been identified and I have a 
  working  clamd that does not hang.  I compiled it two different ways 
  and both  worked.  The problem was /dev/urandom returning either a -1 
  or a 0.   Either of those will cause others.c to hang as it does not 
  test for  that condition.  
 
 Aaaah :) So that's why I never had those problems. My Solaris 8 simply 
 doesn't have /dev/urandom, thus clamav was using software rand() instead :)
 A quick hack would be using `./configure --disable-urandom`.
 Has this test been incorporated in recent CVS snapshot yet?
 
 Regards,
 
 Fajar
 
 
 
 

-
Turgut Kalfaoglu:  http://www.kalfaoglu.com
EgeNet Internet Services: http://www.egenet.com.tr



