RE: [Clamav-users] Re: Virus Alias Database

2004-05-11 Thread Kevin Spicer
On Tue, 2004-05-11 at 00:58, Mitch (WebCob) wrote:
 I'm sure there are many (including myself) that could be convinced to host
 mirrors once the concept stabilizes...
 
 Or alternatively, you could allow download of the db and functions so people
 wouldn't have to keep hitting your server...

That's the better idea, although ideologically I'm all for open source I
have no intention of releasing the code that builds the database.  That
is for purely practical reasons, most of it works by crawling the
anti-virus vendors' sites - as such if lots of people started to run it
there would be significant load on their sites, which is not only
inconsiderate of us but also could lead to them blacklisting our IPs
and/or changing their page format to make it much harder to parse.  I'm
certainly willing to open the front end, but I need to find out how easy
it is to mirror a mysql database, I suppose I could script something
that writes incrementals out to some web space.  But it all needs more
work first...  I'm away for a few days, maybe I'll find time next week.

Kevin




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000




---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] Problem with daily: 308

2004-05-11 Thread Frank Richter
Hi,
since my freshclam got daily 308 yesterday I've been experiencing an unusually
high load on my mail servers running clamd:

8:56am  up 56 days, 22:54,  4 users,  load average: 6,61, 5,17, 5,73
PID USER PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
16070 mail  18   0 19500  19M   828 R    16,7  1,8   0:44 clamd
14370 mail  19   0 19500  19M   828 R    15,9  1,8   0:55 clamd
16324 mail  20   0 19500  19M   828 R    15,7  1,8   0:36 clamd
16229 mail  18   0 19500  19M   828 R    15,5  1,8   0:41 clamd
13626 mail  16   0 19500  19M   828 R    15,3  1,8   0:59 clamd

I've to restart clamd every hour ... it was running ok for weeks.

Is someone else seeing this behaviour too?

I use clamav 0.70 in Linux Red Hat 7.3

TIA,
Frank
-- 
Email: [EMAIL PROTECTED]  http://www.tu-chemnitz.de/~fri/
Work:  Computing Services,  Chemnitz University of Technology,  Germany




[Clamav-users] ClamAV Status tag missing in headers marked as SPAM by spamassassin

2004-05-11 Thread Christopher
 
ClamAV will not tag a message if spamassassin marks it as SPAM.

Messages not marked as SPAM:

X-Clamav-status: No
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11)
X-Spam-Level: 
X-Spam-Status: No, hits=0.3 required=5.0 tests=NO_REAL_NAME autolearn=no 
version=2.63
Status:   

Messages marked as SPAM:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) 
X-Spam-Level: ***
X-Spam-Status: Yes, hits=7.8 required=5.0 tests=CLICK_BELOW,
DATE_IN_FUTURE_12_24,DATE_SPAMWARE_Y2K,HTML_FONTCOLOR_UNKNOWN,
HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
HTML_TAG_BALANCE_BODY,HTML_TAG_BALANCE_HTML autolearn=no version=2.63
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=--=_40A07C48.C116274E
Status: 


Spamassassin is set to run after ClamAV


Below is a copy of my procmailrc file:


# Scan for viruses
:0
VIRUS=|clamdscan --mbox --disable-summary --stdout -

:0fw
* VIRUS ?? ^.*: \/.* FOUND
| formail -b -f -t -I "X-Clamav-status: Yes, $MATCH"

:0Efw
| formail -b -f -t -I "X-Clamav-status: No"


:0fw
* < 256000
| /usr/bin/spamassassin
DROPPRIVS=yes

:0fw
| /usr/bin/spamc

:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "
  
  :0 fhw
  | sed -e '1s/^/F/'
}



 How do I know that ClamAV is scanning email marked as SPAM?

 
 - Christopher
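
One way to check the question above, as an added example that is not part of the original post: it looks for the scan header on the delivered message and on any original attached as message/rfc822. It assumes the spam copies were re-wrapped by SpamAssassin's report_safe option, which attaches the original message and would be consistent with the multipart/mixed Content-Type in the spam sample; the function names and sample messages are constructed for the illustration.

```python
import email
from collections import Counter

# Header names taken from this thread (procmail recipe and clamav-milter).
SCAN_HEADERS = ("X-Clamav-status", "X-Virus-Scanned")

# Constructed sample messages (not real mail).
HAM = """\
From: alice@example.test
Subject: minutes
X-Clamav-status: No
X-Spam-Status: No, hits=0.3 required=5.0

See attached.
"""

SPAM_WRAPPED = """\
From: sender@example.test
Subject: offer
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=7.8 required=5.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

This mail was identified as spam. The original is attached.

--b1
Content-Type: message/rfc822; x-spam-type=original
Content-Disposition: inline

From: sender@example.test
Subject: offer
X-Clamav-status: No

click below
--b1--
"""

SPAM_UNTAGGED = """\
From: sender@example.test
Subject: offer
X-Spam-Flag: YES

click below
"""


def _attached_originals(msg):
    """Yield every message attached as message/rfc822 anywhere below msg."""
    if not msg.is_multipart():
        return
    for part in msg.get_payload():
        if msg.get_content_type() == "message/rfc822":
            yield part  # the encapsulated original message
        yield from _attached_originals(part)


def _scan_value(msg):
    """Return 'Header: value' for the first scan header present, else None."""
    for name in SCAN_HEADERS:
        value = msg.get(name)
        if value is not None:
            return "%s: %s" % (name, value.strip())
    return None


def locate_scan_header(raw_message):
    """Return (is_spam, where, header) with where in outer/encapsulated/absent."""
    msg = email.message_from_string(raw_message)
    spam = msg.get("X-Spam-Flag", "").strip().upper() == "YES"
    found = _scan_value(msg)
    if found:
        return spam, "outer", found
    for original in _attached_originals(msg):
        found = _scan_value(original)
        if found:
            return spam, "encapsulated", found
    return spam, "absent", None


def audit(raw_messages):
    """Count messages by (is_spam, where the scan header was found)."""
    return Counter(locate_scan_header(raw)[:2] for raw in raw_messages)


if __name__ == "__main__":
    for (spam, where), n in sorted(audit([HAM, SPAM_WRAPPED, SPAM_UNTAGGED]).items()):
        print("spam=%s scan-header=%s count=%d" % (spam, where, n))
```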







RE: [Clamav-users] Re: Virus Alias Database

2004-05-11 Thread B. van Ouwerkerk
At 08:01 11-05-2004 +0100, you wrote:
 On Tue, 2004-05-11 at 00:58, Mitch (WebCob) wrote:
  I'm sure there are many (including myself) that could be convinced to host
  mirrors once the concept stabilizes...

 I'm
 certainly willing to open the front end, but I need to find out how easy
 it is to mirror a mysql database, I suppose I could script something
 that writes incrementals out to some web space.  But it all needs more
 work first...  I'm away for a few days, maybe I'll find time next week.

Dump with mysqldump, something like:

mysqldump --add-drop-table --lock-tables -u admin_user -p'admin_pw' virusdb > virusdb.sql

Line shouldn't wrap, but probably will.
Compress it using tar. The whole process can be automated.

If you want to do the modified records only then you would have to do it 
from within your script.



B. 





Re: [Clamav-users] ClamAV Status tag missing in headers marked as SPAM by spamassassin

2004-05-11 Thread Kritof Petr
Christopher wrote:

ClamAV will not tag a message if spamassassin marks it as SPAM.

[..]

How do I know that ClamAV is scanning email marked as SPAM?

Christopher,

It must be a problem in your procmail settings, not in ClamAV itself.

I'm running three milters (SpamAss-milter - ClamAV-milter - 
MailCorral-milter) and it's OK.

Petr

My headers:

X-Priority: 3
X-MSMail-Priority: Normal
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=13.9 required=5.0
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.host.com
X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j
X-Filter-Version: MailCorral Ver 1.1.3
Content-Length: 5468
Status: RO






Re: [Clamav-users] troubles with clamav-milter (signal 11 and hanging)

2004-05-11 Thread Alex V. Kovirshin
On Tue, May 11, 2004 at 04:33:26PM +0700, Alex Masterov wrote:
 Hello, All!
 
 I have installed Clamav stable release 0.70 (clamav-milter 0.70j) on 
 FreeBSD 4.8-RELEASE from FreeBSD ports. I have sendmail from base system 
 (8.12.8p1).
 
 Clamav-milter flags are:
 
 --postmaster-only --local --outgoing --max-children=50 \
 [EMAIL PROTECTED] --dont-scan-on-error \
 --headers --quarantine-dir=/usr/local/share/clamav/infected
 
 Now about my troubles. After several days of uptime, in my system log 
 appear messages like this:
 
 May 10 15:43:43 prime /kernel: pid 48556 (clamav-milter), uid 15001: 
 exited on signal 11
 
 after every message in which a virus was found. Message was rejected 
 anyway, but report to postmaster was not sent.
 
 Also, was founded, that sometimes several processes clamav-milter begin 
 to consume processor and rise load average to 12 and more. In this case 
 only kill -9 can finish these processes.
 
 Restarting clamav-milter and clamd helps only for short time.
 
 I have searched in this mail list and found, cases like ignal 11ignal 
 11ignal 11my, but not found solution.
 
 Can anybody help me?

Maybe try a fresh version from CVS? I heard that there are some fixes
for BSD.
I got all working good (clamd / ClamAV version 0.70, clamav-milter
version 0.70j), but on Linux (CRUX 1.3, kernel 2.4.26, Sendmail
8.12.11). Good speed, stable enough.

-- 
 Alex V. Kovirshin alexk at ss dot rgs dot ru




Re: [Clamav-users] can't stop clamav-milter

2004-05-11 Thread Nigel Horne
On Monday 10 May 2004 7:21 pm, Matias Lopez Bergero wrote:

 I can't stop clamav-milter with the term signal. (kill pid)
 I must use the  kill switch to end the process and after that remove by
 hand the sock created by clamav-milter to start the process again.

You don't say your operating system or version of clamav/clamav-milter
or the arguments to clamav-milter so you've left a lot to guesswork at
this end.

Have you tried with the latest version from CVS?
Are you using --max-children, if so look in /var/log/maillog and
see if the message "hit max-children limit" occurred anytime in the 60 seconds
before you attempted to shutdown?

 Matías.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





[Clamav-users] Re: SomeFool.Q passed the clamscan clamav-milter

2004-05-11 Thread Flynn
 Please forward the original e-mail to me, zipped with password 'virus'.
 

Hello !

I've got some of these too, and I sent'm through your submission form,
without any feedback yet. I sent some other samples two days ago, still no
feedback.

Actually, anything I sent through your submission form seems useless,
but the sample I sent to you directly drove you to fix a bug, which sounds
valuable to me.

So I'm puzzled : what should I do, send everything directly to you ? 
What's wrong in the analysis of the form-submitted samples ? 
Did I break some rule and unfortunately finished on 
some hidden viral-database-maintainer-black-list-of-lamers ?

(Again I am clueless ;-)

Flynn




Re: [Clamav-users] troubles with clamav-milter (signal 11 and hanging)

2004-05-11 Thread Mike Lambert
On Tue, 11 May 2004, Alex Masterov wrote:

 Hello, All!

 I have installed Clamav stable release 0.70 (clamav-milter 0.70j) on
 FreeBSD 4.8-RELEASE from FreeBSD ports. I have sendmail from base system
 (8.12.8p1).

 Clamav-milter flags are:

 --postmaster-only --local --outgoing --max-children=50 \
 [EMAIL PROTECTED] --dont-scan-on-error \
 --headers --quarantine-dir=/usr/local/share/clamav/infected

 Now about my troubles. After several days of uptime, in my system log
 appear messages like this:

 May 10 15:43:43 prime /kernel: pid 48556 (clamav-milter), uid 15001:
 exited on signal 11

I have experienced this as well. Turn off email notifications (--quiet).
This problem may have been fixed in the CVS version.

Mike Lambert




Re: [Clamav-users] Re: Virus Alias Database

2004-05-11 Thread Bit Fuzzy

- Original Message - 
From: Kevin Spicer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 11, 2004 3:01 AM
Subject: RE: [Clamav-users] Re: Virus Alias Database


 On Tue, 2004-05-11 at 00:58, Mitch (WebCob) wrote:
  I'm sure there are many (including myself) that could be convinced to host
  mirrors once the concept stabilizes...
 
  Or alternatively, you could allow download of the db and functions so people
  wouldn't have to keep hitting your server...

 That's the better idea, although ideologically I'm all for open source I
 have no intention of releasing the code that builds the database.  That
 is for purely practical reasons, most of it works by crawling the
 anti-virus vendors' sites - as such if lots of people started to run it
 there would be significant load on their sites, which is not only
 inconsiderate of us but also could lead to them blacklisting our IPs
 and/or changing their page format to make it much harder to parse.

That is a very valid point. However, I don't know if it'll be a problem as
for the most part it does appear
to fall within fair use, providing you keep a link with their
description/alias to obtain additional information.

They'd more than likely view it as a potential opportunity to get new
customers. (free advertising)

I stumbled across a site that had alias definitions cross referenced (clam,
trend, McAfee, etc) but
I can't remember what it was for the life of me.





Re: [Clamav-users] Easiest/best sendmail integration

2004-05-11 Thread Mike Lambert
On Fri, 7 May 2004, Noel Jones wrote:

 At 12:27 PM 5/7/04, Mike Lambert wrote:

 The advantage is sending a 5xx reject instead of a 2xx message accepted
 for delivery to the connecting mta. It is now up to the connecting mta
 to deal with the message.
 
 It does reduce bandwidth if you reject before receiving the whole
 message. I don't know if clamav does this, but if it can, it should.

 No, it won't save bandwidth.
 Once the client sends DATA and you reply go ahead, you must wait for the
 DOT to 550 them.  If you break the connection before all the data has been
 sent, even if you send a response code the client will see a dropped
 connection and (correctly) attempt to send the whole message again.

Hmmm, appears to have been a bad assumption on my part. Thank you for the
correction.

Mike Lambert




Re: [Clamav-users] troubles with clamav-milter (signal 11 and hanging)

2004-05-11 Thread Nigel Horne
On Tuesday 11 May 2004 1:47 pm, Mike Lambert wrote:
 On Tue, 11 May 2004, Alex Masterov wrote:

  --postmaster-only --local --outgoing --max-children=50 \
  [EMAIL PROTECTED] --dont-scan-on-error \
  --headers --quarantine-dir=/usr/local/share/clamav/infected

 I have experienced this as well. Turn off email notifications (--quiet).
 This problem may have been fixed in the CVS version.

Or turn off scanning of local e-mails (--outgoing)

 Mike Lambert

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





[Clamav-users] Error during MAKE..

2004-05-11 Thread turgut kalfaoglu
I haven't had any problems with other compilations, but this time the 
'latest' gives me a hard time:

Making all in clamscan
make[2]: Entering directory 
`/export/home/turgut/sunos/clamav-devel-20040511/clamscan'
source='../shared/output.c' object='output.o' libtool=no \
depfile='.deps/output.Po' tmpdepfile='.deps/output.TPo' \
depmode=gcc3 /bin/bash ../depcomp \
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../shared -I../libclamav-g 
-O2 -c -o output.o `test -f '../shared/output.c' || echo 
'./'`../shared/output.c
../shared/output.c:296: error: `LOG_AUTHPRIV' undeclared here (not in a 
function)
../shared/output.c:296: error: initializer element is not constant
../shared/output.c:296: error: (near initialization for 
`facilitymap[1].code')
../shared/output.c:296: error: initializer element is not constant
../shared/output.c:296: error: (near initialization for `facilitymap[1]')
../shared/output.c:297: error: initializer element is not constant
../shared/output.c:297: error: (near initialization for `facilitymap[2]')
../shared/output.c:298: error: initializer element is not constant
../shared/output.c:298: error: (near initialization for `facilitymap[3]')
../shared/output.c:299: error: `LOG_FTP' undeclared here (not in a function)
../shared/output.c:299: error: initializer element is not constant
../shared/output.c:299: error: (near initialization for 
`facilitymap[4].code')
../shared/output.c:299: error: initializer element is not constant
../shared/output.c:299: error: (near initialization for `facilitymap[4]')





[Clamav-users] Re: Virus Alias Database

2004-05-11 Thread Jesse Guardiani
Kevin Spicer wrote:

 On Mon, 2004-05-10 at 18:24, jef moskot wrote:
 So, if I type in Netsky, I don't see any ties to SomeFool.  If I put in
 SomeFool, I don't see any immediate reference to Netsky, but if I poke
 around a little, it becomes apparent that we're talking about the same
 thing.
 But if you put in Worm.somefool (which is what clam actually calls it),
 or click on worm.somefool vendor clamav when you search on 'contains
 somefool' You can see it is Netsky as reported by some other vendors
 
 Not sure how it should be implemented,
 
 Me either!  My current thinking is to do it as automatically as
 possible, otherwise I'll just get bored / occupied doing something else
 and not keep the alias mapping up to date
 
 I did think about doing some kind of 'smart-search' but that's going to
 need some thinking about.  Maybe...

Do you actually run multiple AV vendor products on your machine? My idea
(which I clearly don't have the monetary backing to implement) was to
run as many AV products as possible on every email coming through my
system. Not only would this virtually insure that your mail server's mail
is virus free (albeit at great system CPU and monetary expense), but you'd
also be able to automate the aliasing process with great ease for new
viruses, as well as flag and auto-submit viruses that ClamAV doesn't
detect yet.

I think you might even be able to sell that sort of service to ISPs, as long
as you make the monthly or yearly membership price low enough.

Your current setup looks like a great effort, but it doesn't seem to
work very well. I type in 'netsky' with Virus name contains above
selected, then click on Netsky.AB Vendor: Fsecure and the resulting
page doesn't even mention Worm.Somefool.AB.

I'm impressed by the information that *is* there though. If you can tweak
it until it spits out more relevant information then it looks like you'll
have a winning service.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






RE: [Clamav-users] clamav installed clamscan works clamdscan does not.

2004-05-11 Thread Harrell, Roger
From /etc/clamav.conf

# TCP port address.
#TCPSocket 3310

clamd will only run as local socket or inet socket not both at the same 
time. You probably have clamd running as local so when clamdscan tries 
to connect to the port it gets a connection refused. You will need to 
check your config and adjust accordingly.



Ok, well now I get:
clamdscan ./
ERROR: Clamd is not configured properly.

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.000 sec (0 m 0 s)


So how can I troubleshoot not configured properly? What should I check
first.

Roger  

Try enabling debug and foreground in the conf and see what that gives 
you. Also  I'll paste my clamav.conf and you can look through it and see 
if you have something out of place. Hopefully I won't get flamed to death 
for posting the whole thing but it's only 6845 bytes. If anyone wants to 
mull over my conf and advise me on any changes I should do I wouldn't 
mind that either


My original setup was basically identical to your clamav.conf. I am back to
that. I am trying to use a local socket. This is where I get a connection
refused error. It's been set with Foreground and I tried running it with
Debug. With Debug I haven't received any additional messages. It should
write something to the local socket file when it starts, right? That part is
not occurring. Likely why I'm getting connection refused, but how do I get
it to write the socket?

Roger
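
The local-socket versus TCP-socket check discussed in this message, as an added example that is not part of the original post or of ClamAV: it reads the socket directives from clamav.conf text and sends clamd's PING command, separating a missing socket file from a stale one. The function names, the loopback address and the sample configuration are assumptions made for the illustration.

```python
import os
import socket

# Constructed sample configuration in the style quoted in the thread.
SAMPLE_CONF = """\
# TCP port address.
#TCPSocket 3310
LocalSocket /tmp/clamd-example.sock
"""


def parse_clamd_sockets(conf_text):
    """Return the active (uncommented) socket directives from clamav.conf text."""
    local, tcp = None, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # "#TCPSocket 3310" is disabled
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) == 2 else ""
        if key == "LocalSocket" and value:
            local = value
        elif key == "TCPSocket" and value.isdigit():
            # Assumption: clamd is reached on the loopback address.
            tcp = ("127.0.0.1", int(value))
    return {"local": local, "tcp": tcp}


def ping_clamd(target, timeout=3.0):
    """Send PING to clamd. target is a socket path (str) or a (host, port) tuple."""
    is_local = isinstance(target, str)
    if is_local and not os.path.exists(target):
        # The case described in the thread: clamd never wrote the socket file.
        return False, "socket file missing: clamd is not running or could not create it"
    family = socket.AF_UNIX if is_local else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect(target)
            sock.sendall(b"PING\n")
            reply = sock.recv(64).strip()
    except ConnectionRefusedError:
        if is_local:
            # File exists but no process listens: left over from a killed daemon.
            return False, "stale socket file: nothing is listening on it"
        return False, "connection refused: clamd is not listening on this port"
    except OSError as exc:
        return False, "connect failed: %s" % exc
    if reply == b"PONG":
        return True, "PONG"
    return False, "unexpected reply: %r" % reply


def diagnose(conf_text):
    """Explain in one line why clamdscan can or cannot reach clamd."""
    cfg = parse_clamd_sockets(conf_text)
    if cfg["local"] and cfg["tcp"]:
        # Per the thread, clamd runs on a local or an inet socket, not both.
        return "both LocalSocket and TCPSocket are enabled; enable only one"
    target = cfg["local"] or cfg["tcp"]
    if target is None:
        return "no LocalSocket or TCPSocket directive is enabled"
    ok, detail = ping_clamd(target)
    status = "reachable" if ok else "unreachable"
    return "clamd %s at %r: %s" % (status, target, detail)


if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF))
```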




Re: [Clamav-users] Error during MAKE..

2004-05-11 Thread Alex V. Kovirshin
On Tue, May 11, 2004 at 05:22:02PM +0300, turgut kalfaoglu wrote:
 I haven't had any problems with other compilations, but this time the 
 'latest' gives me a hard time:
 
 
 Making all in clamscan
 make[2]: Entering directory 
 `/export/home/turgut/sunos/clamav-devel-20040511/clamscan'
 source='../shared/output.c' object='output.o' libtool=no \
 depfile='.deps/output.Po' tmpdepfile='.deps/output.TPo' \
 depmode=gcc3 /bin/bash ../depcomp \
 gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../shared -I../libclamav-g 
 -O2 -c -o output.o `test -f '../shared/output.c' || echo 
 './'`../shared/output.c
 ../shared/output.c:296: error: `LOG_AUTHPRIV' undeclared here (not in a 
 function)
 ../shared/output.c:296: error: initializer element is not constant
 ../shared/output.c:296: error: (near initialization for 
 `facilitymap[1].code')
 ../shared/output.c:296: error: initializer element is not constant
 ../shared/output.c:296: error: (near initialization for `facilitymap[1]')
 ../shared/output.c:297: error: initializer element is not constant
 ../shared/output.c:297: error: (near initialization for `facilitymap[2]')
 ../shared/output.c:298: error: initializer element is not constant
 ../shared/output.c:298: error: (near initialization for `facilitymap[3]')
 ../shared/output.c:299: error: `LOG_FTP' undeclared here (not in a function)
 ../shared/output.c:299: error: initializer element is not constant
 ../shared/output.c:299: error: (near initialization for 
 `facilitymap[4].code')
 ../shared/output.c:299: error: initializer element is not constant
 ../shared/output.c:299: error: (near initialization for `facilitymap[4]')

What os? compiler? etc...
missing syslog.h ?

-- 
 Alex V. Kovirshin alexk at ss dot rgs dot ru




[Clamav-users] entry on maillog - what does it mean?

2004-05-11 Thread Cecilia Mtz
I have several entries like the following on my maillog:

May 11 00:01:56 myserver.com sendmail[10505]: i4B4wPY10505:
milter_write(clamav): write(D) returned -1, expected 5: Broken pipe

What does it mean?

Thanks

Cecilia Mtz







[Clamav-users] Problems with False Positives for Oversized Zip.

2004-05-11 Thread Dave Stocker
Hi All,

   We have seen instances where we are sending out zip files which are 
picked up as virus-Oversized Zip.
Can we disable this particular option without disabling scanning of 
Archives?
Typical size ~ 15Mb before compression 600Kb after compression.

 Regards,

   Dave



Re: [Clamav-users] Problems with False Positives for Oversized Zip.

2004-05-11 Thread Tomasz Kojm
On Tue, 11 May 2004 17:30:13 +0100
Dave Stocker [EMAIL PROTECTED] wrote:

 Hi All,
 
 We have seen instances where we are sending out zip files which
 are 
 picked up as virus-Oversized Zip.
 Can we disable this particular option without disabling scanning of 
 Archives?
 Typical size ~ 15Mb before compression 600Kb after compression.

1) update
2) RTM !

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue May 11 19:40:18 CEST 2004




[Clamav-users] Re: can't stop clamav-milter

2004-05-11 Thread Matias Lopez Bergero
Nigel Horne wrote:
 On Monday 10 May 2004 7:21 pm, Matias Lopez Bergero wrote:

  I can't stop clamav-milter with the term signal. (kill pid)
  I must use the  kill switch to end the process and after that remove by
  hand the sock created by clamav-milter to start the process again.

 You don't say your operating system or version of clamav/clamav-milter
 or the arguments to clamav-milter so you've left a lot to guesswork at
 this end.

Hi,

Clamav is running on Linux 2.4.2. ClamAV version 0.70 and clamav-milter 
version 0.70j.

I am running clamav-milter in the following way:
clamav-milter --max-children=7 -HCfloN -U /var/tmp/quarantine/ 
/var/run/clamav/clmilter.sock

I have seen one time that clamav-milter has had more processes than the 
number specified by the --max-children flag.

 Have you tried with the latest version from CVS?

No. I am running the 0.70/0.70j version.
Is it safe to run clamav from CVS in production environments?

 Are you using --max-children, if so look in /var/log/maillog and
 see if the message "hit max-children limit" occurred anytime in the 60 seconds
 before you attempted to shutdown?

Yes. I have a lot of "hit max-children limit" messages from 
clamav-milter in the maillog file.

Should I first stop clamd and then try to stop clamav-milter?

Thank you very much for your time.

with Best Regards!
Matías.




Re: [Clamav-users] Clamd Leaking?

2004-05-11 Thread Lutz Petersen

 This might be slightly off-base here, but anyone know if clamd leaks and if
 there's any current patch? I'm running 0.70-rc. Below's the memory usage
 showing clamd eating up the mem resource.
 2621 qscand15   0  815M 477M   352 S 0.5 47.4 462:01   1 clamd

 Same problem here, on different servers. I've been unable to get the
 reason for that, so temporarily stopped clamd from use in production
 environments. Sometimes (sporadic) clamd calls all memory until the
 server/process crash.





Re: [Clamav-users] Problems with False Positives for Oversized Zip.

2004-05-11 Thread Bit Fuzzy

- Original Message -
From: Dave Stocker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 11, 2004 12:30 PM
Subject: [Clamav-users] Problems with False Positives for Oversized Zip.


 Hi All,

 We have seen instances where we are sending out zip files which are
 picked up as virus-Oversized Zip.
 Can we disable this particular option without disabling scanning of
 Archives?
 Typical size ~ 15Mb before compression 600Kb after compression.

   Regards,

 Dave


Is it possible that the contents are infected?

Just tested 2 zip'd files reg size 170MB compressed 43MB which went through
fine.





Re: [Clamav-users] Error during MAKE..

2004-05-11 Thread Andy Fiddaman


On Tue, 11 May 2004, Alex V. Kovirshin wrote:
; On Tue, May 11, 2004 at 05:22:02PM +0300, turgut kalfaoglu wrote:
;  I haven't had any problems with other compilations, but this time the
;  'latest' gives me a hard time:
; 
; 
;  Making all in clamscan
;  ../shared/output.c:296: error: `LOG_AUTHPRIV' undeclared here (not in a
;  function)
;  ../shared/output.c:299: error: `LOG_FTP' undeclared here (not in a function)
;
; What os? compiler? etc...
; missing syslog.h ?

I have the same problem on Solaris, the LOG_AUTHPRIV and LOG_FTP facilities
aren't available on that platform - presumably they're Linux extensions ?

If you remove the lines in options.c which contain LOG_AUTHPRIV and LOG_FTP
then it should compile.

Andy





[Clamav-users] email link virii

2004-05-11 Thread Matthew . van . Eerde
Is it even possible for ClamAV on an MTA to block WALLON-style virii that
only include a link to themselves?

http://secunia.com/virus_information/9323/

[EMAIL PROTECTED]805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer
perl -eprint join er,reverse',','l hack',' P','Just anoth'

