Re: [Clamav-users] Determining the Current Virus DB Version / Date
Ryan Moore wrote: Lee W wrote: Hi All, I have just compiled ClamAV and have started playing out with it, however after reading though the man pages I have been unable to find an easy way of determining the current version or date of the Virus DB files. The --version switch the freshclam only reports the version of freshclam/clamav itself rather than the DB's. Is there an easy way of determing the current version other than tail'ing the freshclam log file? Regards Lee sigtool --info=/usr/local/share/clamav/daily.cvd Ryan Moore Thanks for the answer Ryan. I was hoping there would an easy way of getting a one line answer for the version/date rather than the amount of info the sigtool reports. I guess I will just had to write a slightly more detailed script than I originally though. Thanks again. Lee --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Determining the Current Virus DB Version / Date
On Saturday 19 June 2004 02:38 am, Lee W wrote: Ryan Moore wrote: Lee W wrote: Hi All, I have just compiled ClamAV and have started playing out with it, however after reading though the man pages I have been unable to find an easy way of determining the current version or date of the Virus DB files. The --version switch the freshclam only reports the version of freshclam/clamav itself rather than the DB's. Is there an easy way of determing the current version other than tail'ing the freshclam log file? sigtool --info=/usr/local/share/clamav/daily.cvd I was hoping there would an easy way of getting a one line answer for the version/date rather than the amount of info the sigtool reports. I guess I will just had to write a slightly more detailed script than I originally though. like what? sigtool --info=/usr/local/share/clamav/daily.cvd | head -l 1 wow. tough. ;) -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Sendmail pukes (more info)
A list member suggested running clamd as root (temporarily, of course). Sendmail no longer complains. I'm getting the following error now... clamav-milter[17693]: Expected port information from clamd, got '' sm-mta[17703]: i5J2IuTg017703: Milter: data, reject=451 4.7.1 Please try again later Are you running clamd with INET or UNIX domain sockets? If the former try telneting to clamd and see if it talks. Scott --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] uncompressing/scanning Mac archives (i.e. .sit, .sitx, and .hqx)
after having clamav up and running for a while -- it's great! thanks to all who develop || support it -- there's still another topic in status 'wip': how to uncompress .sit, .sitx, and .hqx files (usually sent/received by Mac users)? Seems that amavisd-new (an interface between MTA and virus scanner/content filters) supports .hqx files. I don't know about .sit and .sitx though - maybe not. thanks for your fast reply; i didn't state it here, but i do have clamd running glued together with amavisd-new. afaik amavisd-new doesn't support native hqx expansion, furthermore it relies on external apps regarding unpackung archives of server types either. thus, a dedicated hqx (sit/sitx) would be necessary to scan those files (AFAICS)... rgds, :x! This life is a test. It is only a test. Had this been an actual life, you would have received further instructions as to what to do and where to go. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] bug in clamdscan
I've encountered this bug a few times: [EMAIL PROTECTED] test]# touch file1 [EMAIL PROTECTED] test]# touch file2 [EMAIL PROTECTED] test]# touch file3 [EMAIL PROTECTED] test]# ls file1 file2 file3 [EMAIL PROTECTED] test]# clamdscan file1 file2 file3 ERROR: Can't access file file1 file2 file3 file1 file2 file3: No such file or directory --- SCAN SUMMARY --- Infected files: 0 Time: 0.001 sec (0 m 0 s) but if I scan ONE file, it's fine. But scanning more than one file at a time causes this. I'm using the latest CVS version, downloaded just a couple of days ago. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Sendmail pukes
You might want to update your ports collection and try the latest version of clamav. The latest is .73 Scott Rothgaber wrote: Good Morning! Some time ago I installed clamav from source on a FreeBSD 5.0 machine that was also running Sendmail 8.12.10 and SA 2.63. Sendmail immediately complained that it couldn't allocate any memory, so I abandoned the project. At the time, I chalked it up to a FreeBSD issue. The 5.x tree is still considered a new technology release, according to their site. Last night I built a test machine with FreeBSD 4.10 which comes with Sendmail 8.12.11. Clamav 0.70 was installed from the ports collection. Once I got everything up and running, same thing... Sendmail complained about allocating memory. sm-mta[16002]: i5HJqC1e016002: SYSERR(root): out of memory: Cannot allocate memory Is this a known issue? If so, where can I read about it? Thanks! Scott --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
On Sat, 19 Jun 2004 10:09:48 -0600, Dan Egli [EMAIL PROTECTED] wrote: I've encountered this bug a few times: [EMAIL PROTECTED] test]# touch file1 [EMAIL PROTECTED] test]# touch file2 [EMAIL PROTECTED] test]# touch file3 [EMAIL PROTECTED] test]# ls file1 file2 file3 [EMAIL PROTECTED] test]# clamdscan file1 file2 file3 ERROR: Can't access file file1 file2 file3 file1 file2 file3: No such file or directory The same thing happens in 0.73. Reading the man page, it seems that it is a WAD. clamdscan [options] [file/directory] clamdscan scans one file or one directory tree clamscan works on multiple files. -- Steve --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Steven Stern wrote: On Sat, 19 Jun 2004 10:09:48 -0600, Dan Egli [EMAIL PROTECTED] wrote: I've encountered this bug a few times: [EMAIL PROTECTED] test]# touch file1 [EMAIL PROTECTED] test]# touch file2 [EMAIL PROTECTED] test]# touch file3 [EMAIL PROTECTED] test]# ls file1 file2 file3 [EMAIL PROTECTED] test]# clamdscan file1 file2 file3 ERROR: Can't access file file1 file2 file3 file1 file2 file3: No such file or directory The same thing happens in 0.73. Reading the man page, it seems that it is a WAD. clamdscan [options] [file/directory] clamdscan scans one file or one directory tree clamscan works on multiple files. -- Steve --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users but I cannot scan a DIR either. [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR --- SCAN SUMMARY --- Infected files: 0 Time: 0.001 sec (0 m 0 s) Can someone kindly explain why on earth you would write a scanner that only scans ONE FILE? The whole point of clamdscan is it's supposed to be faster than clamscan because it let's the daemon do the scanning, and it just acts as an interface. Doesn't make much sense to then cripple it by only working on one file at a time. -- -- Dan --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday 19 June 2004 12:14 pm, Dan Egli wrote: Can someone kindly explain why on earth you would write a scanner that only scans ONE FILE? The whole point of clamdscan is it's supposed to be faster than clamscan because it let's the daemon do the scanning, and it just acts as an interface. Doesn't make much sense to then cripple it by only working on one file at a time. Slow down. Its has to be a bug. Its worked here several times in the past. I take it you never wrote code with bugs in it? Jeff - -- === Jabber: tradergt@(smelser.org|jabber.org) Quote: What would the BOFH do? === -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA1HfEld4MRA3gEwYRAjXoAKCFQG/v4xEgeS+5KZfGlSShJfawZwCgguvk NGmzteF+GX+HyNddvm8+NFs= =iRkq -END PGP SIGNATURE- --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
Dan Egli wrote: Steven Stern wrote: On Sat, 19 Jun 2004 10:09:48 -0600, Dan Egli [EMAIL PROTECTED] wrote: I've encountered this bug a few times: [EMAIL PROTECTED] test]# touch file1 [EMAIL PROTECTED] test]# touch file2 [EMAIL PROTECTED] test]# touch file3 [EMAIL PROTECTED] test]# ls file1 file2 file3 [EMAIL PROTECTED] test]# clamdscan file1 file2 file3 ERROR: Can't access file file1 file2 file3 file1 file2 file3: No such file or directory The same thing happens in 0.73. Reading the man page, it seems that it is a WAD. clamdscan [options] [file/directory] clamdscan scans one file or one directory tree clamscan works on multiple files. -- Steve but I cannot scan a DIR either. [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR --- SCAN SUMMARY --- Infected files: 0 Time: 0.001 sec (0 m 0 s) Can someone kindly explain why on earth you would write a scanner that only scans ONE FILE? The whole point of clamdscan is it's supposed to be faster than clamscan because it let's the daemon do the scanning, and it just acts as an interface. Doesn't make much sense to then cripple it by only working on one file at a time. Just a guess but I'd bet it doesn't scan directories and files the run-as user has no access to. dp --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] bug in clamdscan
On Sat, Jun 19, 2004 at 11:14:35AM -0600, Dan Egli said: but I cannot scan a DIR either. [EMAIL PROTECTED] root]# clamdscan $PWD /root: Can't access the file ERROR --- SCAN SUMMARY --- Infected files: 0 Time: 0.001 sec (0 m 0 s) Can someone kindly explain why on earth you would write a scanner that only scans ONE FILE? The whole point of clamdscan is it's supposed to be faster than clamscan because it let's the daemon do the scanning, and it just acts as an interface. Doesn't make much sense to then cripple it by only working on one file at a time. That sounds like a permission problem - what user is clamd running as? It works here, for files clamd can read. -- -- | Stephen Gran | It would be illogical to kill without | | [EMAIL PROTECTED] | reason. -- Spock, Journey to Babel, | | http://www.lobefin.net/~steve | stardate 3842.4 | -- pgp5yMCWA6ROX.pgp Description: PGP signature
Re: [Clamav-users] bug in clamdscan
## Steven Stern ([EMAIL PROTECTED]): The same thing happens in 0.73. Reading the man page, it seems that it is a WAD. clamdscan [options] [file/directory] clamdscan scans one file or one directory tree clamscan works on multiple files. Have a look at the source :) - clamav-0.73/clamscan/options.c ll. 140, where opt-filename is created - clamav-0.73/clamscan/manager.c ll. 279, clamscan goes through the files - clamav-0.73/clamdscan/client.c ll. 208, clamdscan just uses opt-filename without the loop as in manager.c. It should be possible to put the logic from manager.c into client.c. Regards, Christoph -- Spare Space --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] problem with clamdscan
Folks, In my mail.log file, everything runs fine then all of a sudden I have been seeing Requeuing: Maximum time exceeded. Something cannot handle this message. at /var/qmail/bin/qmail-scanner-queue.pl line 529. I have to shutdown clamd (kill -9 usually, it never dies down) remove the /tmp/clamd file and restart. For awhile (about 6-8 hours) everything goes good then it does it again. I turned on logging and Im seeing stuff like this: Segmentation fault :-( Bye.. SelfCheck: Database status OK. /var/spool/qmailscan/tmp/mx110876776776295465/message.scr: Worm.SomeFool.P FOUND /var/spool/qmailscan/tmp/mx110876778096295688/www.freeporn4all_lwoody.zip: Worm.SomeFool.P FOUND /var/spool/qmailscan/tmp/mx110876781576296683/Readme.com: Worm.Bagle.Y FOUND SelfCheck: Database status OK. /var/spool/qmailscan/tmp/mx1108768140162914228/Details.zip: Worm.Bagle.Gen-zippwd FOUND SelfCheck: Database modification detected. Forcing reload. +++ Started at Sat Jun 19 18:21:31 2004 Log file size limited to 1048576 bytes. Verbose logging activated. Reading databases from /usr/local/share/clamav Protecting against 22019 viruses. Ive seen about 10 Seg. Faults and usually Im seeing SelfCheck: Database modification detected. Forcing reload right before it starts doing those requeuing errors, any ideas? Thanks! Steve
Re: [Clamav-users] Sendmail pukes (more info)
On Sat, 19 Jun 2004 11:22:33 +0100 Nigel Horne [EMAIL PROTECTED] wrote: A list member suggested running clamd as root (temporarily, of course). Sendmail no longer complains. I'm getting the following error now... clamav-milter[17693]: Expected port information from clamd, got '' sm-mta[17703]: i5J2IuTg017703: Milter: data, reject=451 4.7.1 Please try again later Are you running clamd with INET or UNIX domain sockets? If the former try telneting to clamd and see if it talks. Local socket. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users