Re: [Clamav-users] clamscan --mbox question

2004-07-13 Thread Thomas Lamy
Graham Toal wrote:
> I want to use clamscan to check mail files (just one mail per file).
> These are not in Unix mbox format.  Although they start with mail
> headers, the first line is not From  ...
> Viruses are not recognised whether I use plain clamscan
> or clamscan --mbox.  They can only be recognised if I edit
> a From  line in to the first line of the file.
> The structure of the mail filter is such that I would prefer not
> to have to do this.  Is there any way I can scan these files without
> adding that line?
> Here is a typical header (from an EICAR test):
> X-Originating-Ip: 24.173.85.38
> Message-Id: [EMAIL PROTECTED]
> Date: Mon, 12 Jul 2004 22:49:08 -0500
> From: TESTVIRUS.org [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Virus Scanner Test #1
> Mime-Version: 1.0
> Content-Type: multipart/mixed;
> BounDary==_307115168==_
> --=_307115168==_
> Content-Type: text/plain; charset=us-ascii; format=flowed
> This message was sent to you because you or someone you know is testing your
> mail server's virus scanner at:  http://www.testvirus.org
> ...
> Suggestions?
> thanks
> Graham
> PS Version is clamscan / ClamAV version devel-20040630

The solution is to either add X-Originating-Ip:  to the magic items 
in libclamav/mbox.c (or was it scanners.c?), and/or have Nigel Horne 
commit such change in CVS.

Thomas

---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] new to clamav

2004-07-13 Thread Marc Hultquist
Morning afternoon and evening

I am busy experimenting with clamav as we are looking for an alternative to 
our current av solution, now while I managed without a single issue to 
install clam onto a debian based system (apt-get is my friend) :p now I 
_have_ to get it working on a Redhat 7.3 based system.

I have tried installing from the normal binary rpm, but it won't work, so I am 
taking the route of installing from a src.rpm file. Here's where the problem 
lies, when running rpm --rebuild clamav-0.72-1.src.rpm I get the screen 
output, all goes well, up until a specific point, here's the error I get, now 
in the past the _only_ way I have been able to get around this problem was by 
doing a complete install. In my current situation this is not possible as the 
systems are a kickstart system we install at our clients, hence the need for 
limitation. 
Here's my error

checking for C compiler default output... conftest.c
checking whether the C compiler works... configure: error: cannot run C 
compiled programs.
If you meant to cross compile, use `--host'.
error: Bad exit status from /var/tmp/rpm-tmp.86120 (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.86120 (%build)
[EMAIL PROTECTED] clam]#

Any ideas ? :\
-- 
 Marc Hultquist ([EMAIL PROTECTED])
 Computerkit Systems (Pty) Ltd
 http://www.cks.co.za
 (P) +27 11 695 5317
 (F) +27 11 312 1408
 (C) +27 82 563 2861 
 Quote: Its a bad idea for geeks to be on low-carb diets. Low-carb means no 
sugar, no sugar means cravings, cravings mean a loss of concentration, losing 
concentration makes geeks irritable and geeks run the computers that run the 
world's banks and militaries !!! . . . . . . .  . YE GODS !!! Give me a 
frosted chocolate cake before we plunge into anarchy !!! - (c) J.D. Illad 
Frazer(Userfriendly.org)
Confidentiality Notice:
The above message and all attachments may contain privileged and confidential 
information intended only for the person or entity to which it is addressed. Any 
review, retransmission, dissemination, copy or other use of, or taking of any action 
in reliance upon this information by persons or entities other than the intended 
recipient is prohibited. If you received this message in error, please notify the 
sender immediately by e-mail, facsimile or telephone and thereafter delete the 
material from your computer. Any views expressed in this message are those of the 
individual sender, except where the sender specifically states them to be the view of 
the entity transmitting the message.  Computerkit Retail Systems (Pty) Ltd hereby 
distances itself from and accepts no liability in respect of the unauthorised use of 
its e-mail facility or the sending of e-mail communications for other than strictly 
business purposes




Re: [Clamav-users] clamscan --mbox question

2004-07-13 Thread Nigel Horne
On Tuesday 13 Jul 2004 05:26, Graham Toal wrote:
> I want to use clamscan to check mail files (just one mail per file).
<snip>
> Viruses are not recognised whether I use plain clamscan
> or clamscan --mbox.  They can only be recognised if I edit
> a From  line in to the first line of the file.
<snip>
> Suggestions?
>
> Graham
> PS Version is clamscan / ClamAV version devel-20040630

From the ChangeLog:
Sat Jul  3 17:20:45 CEST 2004 (tk)
--
  * libclamav: use new method to detect mail files

Please test with a version at least as new as devel-20040703

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
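
Both replies in this thread turn on how a scanner decides that a file is e-mail before it decodes the MIME parts. The following is an added example, not libclamav code: the prefix table, function names and sample message are constructed here. It contrasts a first-line prefix ("magic") table with a more general structural check of the header block, which goes beyond the single prefix discussed above.

```python
import re

# Illustrative first-line prefixes a scanner might treat as "this is e-mail".
# Assumption: a made-up table for this example, not the one in libclamav.
BASE_MAGIC = (b"From ", b"Received: ", b"Return-Path: ", b"Delivered-To: ")

# Header field name: printable ASCII without ':' or space, then a colon.
FIELD_RE = re.compile(rb"^[\x21-\x39\x3b-\x7e]+:")
COMMON_FIELDS = {b"from", b"to", b"date", b"subject", b"received", b"message-id"}

# Constructed sample modelled on the header quoted in the question: one
# message per file, no mbox "From " envelope line, unusual first header.
SAMPLE = (
    b"X-Originating-Ip: 192.0.2.10\r\n"
    b"Message-Id: <constructed-1@example.invalid>\r\n"
    b"Date: Mon, 12 Jul 2004 22:49:08 -0500\r\n"
    b"From: Sender <sender@example.invalid>\r\n"
    b"To: rcpt@example.invalid\r\n"
    b"Subject: Virus Scanner Test #1\r\n"
    b"Mime-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed;\r\n"
    b"\tboundary=\"constructed-boundary\"\r\n"
    b"\r\n"
    b"--constructed-boundary\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"body text\r\n"
)


def detect_by_magic(data, magic=BASE_MAGIC):
    """True if the first line starts with one of the known prefixes."""
    first = data.split(b"\n", 1)[0].lower()
    return any(first.startswith(m.lower()) for m in magic)


def detect_by_structure(data, min_fields=2):
    """True if the file opens with a well-formed header block.

    Accepts an optional mbox "From " envelope line, folded (continuation)
    lines, and requires at least one common mail field so that other
    "name: value" text (URL lists, config files) is not taken for mail.
    """
    lines = data.split(b"\n")
    if lines and lines[0].startswith(b"From "):
        lines = lines[1:]                 # envelope line is optional
    names = []
    for raw in lines:
        line = raw.rstrip(b"\r")
        if line == b"":
            break                         # blank line ends the headers
        if line[:1] in (b" ", b"\t"):
            if not names:
                return False              # nothing to continue
            continue
        match = FIELD_RE.match(line)
        if not match:
            return False                  # not a header line
        names.append(match.group(0)[:-1].lower())
    return len(names) >= min_fields and any(n in COMMON_FIELDS for n in names)


if __name__ == "__main__":
    extended = BASE_MAGIC + (b"X-Originating-Ip: ",)
    print("prefix table, as is:        ", detect_by_magic(SAMPLE))
    print("prefix table, entry added:  ", detect_by_magic(SAMPLE, extended))
    print("structural header check:    ", detect_by_structure(SAMPLE))
```

A file that the detector does not classify as mail is scanned as raw bytes, so an encoded attachment inside it is never decoded and matched.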




Re: [Clamav-users] Freshclam - bizarre behaviour

2004-07-13 Thread Daniel J McDonald
On Mon, 2004-07-12 at 17:10, Brian Morrison wrote:
> On Mon, 12 Jul 2004 15:59:32 -0500 in
> [EMAIL PROTECTED] Daniel
> J McDonald [EMAIL PROTECTED] wrote:
>
> > On Mon, 2004-07-12 at 15:04, Brian Morrison wrote:
> > > ERROR: Connection with clamav.database.net (IP: ???) failed.
> > The A rr for database.clamav.net is too big to fit in a UDP datagram,
> > so your DNS server has to allow TCP based queries in order to resolve
> > the name.
> Ah right. Well I run bind here, but I don't explicitly tell it to allow
> TCP queries, at least not that I know about :)

No, but you might have to check your firewall rules, both on the DNS
server and externally protecting it...

-- 
Daniel J McDonald, CCIE 2495, CNX
Austin Energy






[Clamav-users] clam-db-0.72 ?

2004-07-13 Thread Marc Hultquist
Does anyone know where I can download the 0.72 clamav-dv file ? I looked on 
rpmfind.net, freshmeat.net, clamav.net and as of yet I have not been able to 
find _anything_ :\ 

Any help would be greatly appreciated !

Kind Regards
-- 
 Marc Hultquist ([EMAIL PROTECTED])
 Computerkit Systems (Pty) Ltd
 http://www.cks.co.za
 (P) +27 11 695 5317
 (F) +27 11 312 1408
 (C) +27 82 563 2861 


[Clamav-users] clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread James Nelson

I am running Fedora Core 1, with sendmail 8.13.0 and
installed clamav .74 1.1 from the following rpms:

clamav-0.74-1.1.fc1.dag.i386.rpm
clamav-db-0.74-1.1.fc1.dag.i386.rpm
clamav-devel-0.74-1.1.fc1.dag.i386.rpm
clamav-milter-0.74-1.1.fc1.dag.i386.rpm
clamd-0.74-1.1.fc1.dag.i386.rpm

My sendmail.mc contains:

INPUT_MAIL_FILTER(`clmilter',`S=inet:[EMAIL PROTECTED],
F=,T=S:10m;R:10m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl

Upon reload of sendmail I get the following errors when mail
is received by sendmail:

Jul 12 17:39:08 mail4 sm-mta[32103]: i6CMd8en032103:
SYSERR(root): out of memory: Cannot allocate memory

I previously read there was a similar problem with
clamav-milter but it was fixed. Is this possibly its return? Or could
something else be causing it?

Thanks,

james


[Clamav-users] Malformed CVD ?

2004-07-13 Thread Marc Hultquist
[EMAIL PROTECTED] etc]# freshclam
ClamAV update process started at Tue Jul 13 15:05:11 2004
Connecting via 196.23.149.50
Reading CVD header (main.cvd): ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.sonic.net (196.23.149.50)
[EMAIL PROTECTED] etc]#
Can someone help me here? No matter what mirror I set it to use in the 
freshclam.conf file I get the above error, this is with the correct proxy 
settings, STRANGE thing is that with a windows machine on the same desk, same 
everything, proxy settings etc, it can download the main.cvd and daily.cvd 
files just fine ? Please can someone help me here as I am at the end of my 
string ! :\

Kind Regards
-- 
 Marc Hultquist ([EMAIL PROTECTED])
 Computerkit Systems (Pty) Ltd
 http://www.cks.co.za
 (P) +27 11 695 5317
 (F) +27 11 312 1408
 (C) +27 82 563 2861 


[Clamav-users] clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread James Nelson

I am running Fedora Core 1, with sendmail 8.13.0 and installed clamav .74
1.1 from the following rpms:

clamav-0.74-1.1.fc1.dag.i386.rpm    
clamav-db-0.74-1.1.fc1.dag.i386.rpm  
clamav-devel-0.74-1.1.fc1.dag.i386.rpm   
clamav-milter-0.74-1.1.fc1.dag.i386.rpm  
clamd-0.74-1.1.fc1.dag.i386.rpm    

My sendmail.mc contains:

INPUT_MAIL_FILTER(`clmilter',`S=inet:[EMAIL PROTECTED],
F=,T=S:10m;R:10m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl

Upon reload of sendmail I get the following errors when mail is received by
sendmail:

Jul 12 17:39:08 mail4 sm-mta[32103]: i6CMd8en032103: SYSERR(root): out of
memory: Cannot allocate memory


I previously read there was a similar problem with clamav-milter but it was
fixed.  Is this possibly its return?  Or could something else be causing it?

Thanks,
James

P.S. sorry for previous HTML post, forgot to disable it.





Re: [Clamav-users] Freshclam - bizarre behaviour

2004-07-13 Thread Brian Morrison
On Tue, 13 Jul 2004 06:42:33 -0500 in
[EMAIL PROTECTED] Daniel
J McDonald [EMAIL PROTECTED] wrote:

> On Mon, 2004-07-12 at 17:10, Brian Morrison wrote:
> > On Mon, 12 Jul 2004 15:59:32 -0500 in
> > [EMAIL PROTECTED]
> > Daniel J McDonald [EMAIL PROTECTED] wrote:
> >
> > > On Mon, 2004-07-12 at 15:04, Brian Morrison wrote:
> > > > ERROR: Connection with clamav.database.net (IP: ???) failed.
> > > The A rr for database.clamav.net is too big to fit in a UDP
> > > datagram, so your DNS server has to allow TCP based queries in
> > > order to resolve the name.
> > Ah right. Well I run bind here, but I don't explicitly tell it to
> > allow TCP queries, at least not that I know about :)
>
> No, but you might have to check your firewall rules, both on the DNS
> server and externally protecting it...
 
The DNS server and all the other machines sit behind a router that uses
NAT. The only firewall rules used for port 53 access is a block on
source ports 137 to 139 to keep the XP box in its place.

I suspect that there is something a bit odd in the freshclam code that
only triggers under certain circumstances. If it happens again and I can
identify what is happening using strace or similar then I will post here
and/or file a bug report.

All the time this was happening both host and dig returned the whole 15
A records for database.clamav.net quite happily, so it must be a
freshclam/resolver library issue I think.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
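
The mechanism raised in this thread is DNS truncation: a reply that does not fit in a UDP datagram comes back with the TC bit set, and the client has to repeat the query over TCP port 53, which fails when only UDP/53 is allowed through. The following is an added example, not freshclam or resolver-library code; the function names and the sample reply are constructed, and only the header is parsed.

```python
import struct

FLAG_QR = 0x8000  # set in responses
FLAG_TC = 0x0200  # reply was truncated: it did not fit the transport
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qid):
    """Build a plain (non-EDNS) A query."""
    header = struct.pack("!6H", qid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", TYPE_A, CLASS_IN)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "id": qid,
        "response": bool(flags & FLAG_QR),
        "truncated": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "answers": an,
    }


def next_step(query, udp_reply):
    """Decide what a client must do with a reply received over UDP."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["response"] or r["id"] != q["id"]:
        raise ValueError("datagram is not a reply to this query")
    if r["truncated"]:
        return "retry-over-tcp"      # answer section is incomplete
    return "use-answer" if r["rcode"] == 0 else "error-rcode-%d" % r["rcode"]


def tcp_frame(message):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(message)) + message


def sample_reply(query, truncated):
    """Constructed reply (header plus echoed question), demo input only."""
    qid = parse_header(query)["id"]
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    return struct.pack("!6H", qid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    query = build_query("database.clamav.net", 0x1A2B)
    print(next_step(query, sample_reply(query, truncated=True)))
    print("bytes to send on TCP/53:", len(tcp_frame(query)))
```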




Re: [Clamav-users] new to clamav

2004-07-13 Thread Todd Lyons
Marc Hultquist wanted us to know:

> checking for C compiler default output... conftest.c
> checking whether the C compiler works... configure: error: cannot run C 
> compiled programs.

rpm -qa | grep gcc

Sounds like you may not have the gcc-cpp package installed (the c
pre-processor).
-- 
Regards...  Todd
  We should not be building surveillance technology into standards.
  Law enforcement was not supposed to be easy.  Where it is easy, 
  it's called a police state. -- Jeff Schiller on NANOG
Linux kernel 2.6.3-8mdkenterprise   2 users,  load average: 0.03, 0.03, 0.00




RE: [Clamav-users] UPDATE: clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread James Nelson

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Nelson
Sent: Tuesday, July 13, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] clamav-milter and sendmail 8.13.0 problem.

I am running Fedora Core 1, with sendmail 8.13.0 and installed clamav .74
1.1 from the following rpms:

clamav-0.74-1.1.fc1.dag.i386.rpm    
clamav-db-0.74-1.1.fc1.dag.i386.rpm  
clamav-devel-0.74-1.1.fc1.dag.i386.rpm   
clamav-milter-0.74-1.1.fc1.dag.i386.rpm  
clamd-0.74-1.1.fc1.dag.i386.rpm    

My sendmail.mc contains:

INPUT_MAIL_FILTER(`clmilter',`S=inet:[EMAIL PROTECTED],
F=,T=S:10m;R:10m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl

Upon reload of sendmail I get the following errors when mail is received by
sendmail:

Jul 12 17:39:08 mail4 sm-mta[32103]: i6CMd8en032103: SYSERR(root): out of
memory: Cannot allocate memory


I previously read there was a similar problem with clamav-milter but it was
fixed.  Is this possibly its return?  Or could something else be causing it?

Thanks,
James
---

I switched from TCP sockets to local sockets for sake of testing.  The
memory error has ceased but a new error is occurring when clamav-milter
attempts to scan the email.  The error is below:

Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter (clmilter):
local socket name /var/run/clmilter.sock unsafe
Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter (clmilter): to
error state

Any clue?

James






Re: [Clamav-users] clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread Steven Stern
On Tue, 13 Jul 2004 11:19:19 -0500, James Nelson [EMAIL PROTECTED] wrote:

> I previously read there was a similar problem with clamav-milter but it was
> fixed.  Is this possibly its return?  Or could something else be causing it?

Check the name(s) of the sock file defined (1) in the milter definition in
sendmail.mc and (2) on the clamav-milter command line.  (You can find the
latter in /etc/sysconfig/clamav-milter and by looking at ps aux | grep
clam.)

If they are different, make them the same!  If the same, make sure that the
file is being created when clamav-milter starts.

Also, make sure they're someplace where the owner of the clamav-milter process
(usually clamav) has RW privs.  I put mine in /var/run/clamav

$ ll /var/run/clamav
total 4
srwx------  1 clamav clamav 0 Jul  2 16:02 clamav-milter.sock
-rw-rw----  1 clamav clamav 4 Jul  2 16:02 clamd.pid
srwxrwxrwx  1 clamav clamav 0 Jul  2 16:02 clamd.sock

$ ll -d /var/run/clamav
drwxr-xr-x  2 clamav clamav 4096 Jul  2 16:02 /var/run/clamav

--
   Steve
   




Re: [Clamav-users] UPDATE: clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread Brian Morrison
On Tue, 13 Jul 2004 13:09:38 -0500 in
[EMAIL PROTECTED] James Nelson
[EMAIL PROTECTED] wrote:

> I switched from TCP sockets to local sockets for sake of testing. 
> The memory error has ceased but a new error is occurring when
> clamav-milter attempts to scan the email.  The error is below:
>
> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter
> (clmilter): local socket name /var/run/clmilter.sock unsafe
> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter
> (clmilter): to error state
>
> Any clue?

Permissions on the socket perhaps?

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html




Re: [Clamav-users] UPDATE: clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread Alex S Moore
On Tue, 13 Jul 2004 13:09:38 -0500
James Nelson [EMAIL PROTECTED] wrote:

> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter (clmilter):
> local socket name /var/run/clmilter.sock unsafe
> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter (clmilter): to
> error state

The times that I have seen this message, it was because directories are group or world 
writable.  See the sendmail Security document.  Check permissions with:
ls -ld /var and ls -ld /var/run

Alex




Re: [Clamav-users] UPDATE: clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread Steven Stern
On Tue, 13 Jul 2004 13:09:38 -0500, James Nelson [EMAIL PROTECTED] wrote:

> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter (clmilter):
> local socket name /var/run/clmilter.sock unsafe
> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter (clmilter): to
> error state

The .sock file should be CHMOD to srwx------  under the owner of the clamav
process, probably the user clamav.  Change the clam* programs to use

/var/run/clamav

Create the directory manually and set the ownership to clamav:clamav and the
permissions to 755 and you should be OK.
--
   Steve
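
The checks suggested in the replies above (no group- or world-writable directory on the way to the socket, the socket actually present, mode srwx------, owned by the milter user) can be scripted. The following is an added example, not sendmail's or ClamAV's own code: `audit_socket_path` and its `root` parameter are names chosen here, and the rules are only the ones named in this thread, not sendmail's full safe-file logic.

```python
import os
import stat
import sys


def _parent_dirs(path, root):
    """Directories from root down to the one that holds path."""
    dirs, current = [], os.path.dirname(path)
    while True:
        dirs.append(current)
        parent = os.path.dirname(current)
        if current == root or parent == current:
            break
        current = parent
    return list(reversed(dirs))


def audit_socket_path(sock_path, expected_uid=None, root="/"):
    """Return a list of (path, problem) tuples; an empty list means clean.

    root limits how far up the directory walk goes (useful for a chroot
    or for testing); expected_uid is the uid of the milter user, if known.
    """
    findings = []
    sock_path = os.path.abspath(sock_path)
    root = os.path.abspath(root)

    # 1. Every directory leading to the socket: anyone who can write to
    #    one of them can replace the socket with their own listener.
    for directory in _parent_dirs(sock_path, root):
        try:
            mode = os.stat(directory).st_mode
        except FileNotFoundError:
            findings.append((directory, "directory does not exist"))
            return findings
        if mode & stat.S_IWGRP:
            findings.append((directory, "directory is group-writable"))
        if mode & stat.S_IWOTH:
            findings.append((directory, "directory is world-writable"))

    # 2. The socket itself: present, really a socket, private, right owner.
    try:
        st = os.lstat(sock_path)
    except FileNotFoundError:
        findings.append((sock_path, "socket does not exist"))
        return findings
    perms = stat.S_IMODE(st.st_mode)
    if not stat.S_ISSOCK(st.st_mode):
        findings.append((sock_path, "not a socket"))
    elif perms & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(
            (sock_path, "socket mode %04o is open to group/other" % perms))
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(
            (sock_path, "owned by uid %d, expected %d" % (st.st_uid, expected_uid)))
    return findings


if __name__ == "__main__":
    # Default is the socket path from the log lines quoted in this thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/run/clmilter.sock"
    problems = audit_socket_path(target)
    for path, problem in problems:
        print("%s: %s" % (path, problem))
    if not problems:
        print("%s: no problems found" % target)
```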
   




RE: [Clamav-users] UPDATE: clamav-milter and sendmail 8.13.0 problem.

2004-07-13 Thread Nigel Horne
> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter
> (clmilter): local socket name /var/run/clmilter.sock unsafe
> Jul 13 13:03:26 mail4 sm-mta[16326]: i6DI3E3a016326: Milter
> (clmilter): to error state
>
> Any clue?

This is discussed in clamav-milter/INSTALL. If that doesn't work (and
it usually does) then let me know.

Just look for the string 'unsafe' in that file.

-Nigel 





[Clamav-users] clamav problems

2004-07-13 Thread charles x.morrissey
i recently noticed that my clamav-7.0 was acting a bit wacky... so, i 
did a complete uninstall, deleted all instances of clam and installed 
the latest 0.74 version. i am using mac os x 10.3.4 server.

my freshclam is reporting that it is protecting against 22624 known 
viruses and clamd is reporting 22623. it's always off by one... is this 
normal or is it something that i should worry about?
my clamd logs aren't showing any error messages.

thanks,
charles

charles x. morrissey
[EMAIL PROTECTED]



Re: [Clamav-users] clamav problems

2004-07-13 Thread Tomasz Kojm
On Tue, 13 Jul 2004 18:02:16 -0400
charles x.morrissey [EMAIL PROTECTED] wrote:

> i recently noticed that my clamav-7.0 was acting a bit wacky... so, i 
> did a complete uninstall, deleted all instances of clam and installed 
> the latest 0.74 version. i am using mac os x 10.3.4 server.
>
> my freshclam is reporting that it is protecting against 22624 known 
> viruses and clamd is reporting 22623. it's always off by one... is
> this normal or is it something that i should worry about?

Run clamscan with --debug enabled and you'll see it ignores some
signature(s). You can update to the latest development version to fix
it.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Jul 14 00:38:56 CEST 2004




Re: [Clamav-users] Clamd core dumped on FreeBSD 5.2 + exiscan

2004-07-13 Thread Tomasz Kojm
On Tue, 13 Jul 2004 09:05:09 +0400
Michael V. Sokolov [EMAIL PROTECTED] wrote:

> Jul 12 22:33:15 proton kernel: pid 32155 (clamd), uid 1004: exited on
> signal 6 this was 0.74, stable
>
> Jul 13 02:30:43 proton kernel: pid 77642 (clamd), uid 1004: exited on
> signal 6 this was  clamd / ClamAV version devel-20040712

SIGABRT suggests it's an assertion issue.

> Please notice, that for some time all works fine, but anyway goes to
> core dumped :-(

What does backtrace say ?

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Jul 14 02:37:01 CEST 2004




[Clamav-users] Upgrading

2004-07-13 Thread A.R.S. KA9QLQ Alvin Koffman
I'm using clam 0.54-7mdk and was wondering should I upgrade and if so 
what's the easiest way? I'm using Mandrake 9.1
Thanks
Alvin
P.S. Has anyone got it to work with Thunderbird email?




Re: [Clamav-users] Upgrading

2004-07-13 Thread Bill Randle
On Tue, 2004-07-13 at 17:41, A.R.S. KA9QLQ Alvin Koffman wrote:
> I'm using clam 0.54-7mdk and was wondering should I upgrade and if so 
> what's the easiest way? I'm using Mandrake 9.1
> Thanks
> Alvin
> P.S. Has anyone got it to work with Thunderbird email?

1. Absolutely. There have been many improvements between 0.54 and
   0.74 (current stable version).

2. You can either rebuild from the SRPM in Mandrake cooker, or you
   can grab my RPMS for 9.2, which should work fine on your 9.1
   system. [ftp://ftp.neocat.org/pub/RPMS/i586/]

3. Can't answer the question about Thunderbird.

-Bill






Re: [Clamav-users] Upgrading

2004-07-13 Thread A.R.S. KA9QLQ Alvin Koffman
Cool, I'm not sure how to use SRPMs so I'll try your rpms.
Thanks a gig
Alvin
Bill Randle wrote:
> On Tue, 2004-07-13 at 17:41, A.R.S. KA9QLQ Alvin Koffman wrote:
>
> > I'm using clam 0.54-7mdk and was wondering should I upgrade and if so 
> > what's the easiest way? I'm using Mandrake 9.1
> > Thanks
> > Alvin
> > P.S. Has anyone got it to work with Thunderbird email?
>
> 1. Absolutely. There have been many improvements between 0.54 and
>    0.74 (current stable version).
> 2. You can either rebuild from the SRPM in Mandrake cooker, or you
>    can grab my RPMS for 9.2, which should work fine on your 9.1
>    system. [ftp://ftp.neocat.org/pub/RPMS/i586/]
> 3. Can't answer the question about Thunderbird.
> -Bill



Re: [Clamav-users] clamav problems

2004-07-13 Thread charles x.morrissey
thanks for the reply, isn't this the current release?
freshclam daemon 0.74 (OS: darwin7.4.0, ARCH: ppc, CPU: powerpc)
clam daemon 0.74 (OS: darwin7.4.0, ARCH: ppc, CPU: powerpc)
this started happening with version 0.70, that's why i trashed it and 
installed 0.74. in clamav 0.70, i first noticed
freshclam getting updated, 22623 viruses, then 4 hours later it would 
go back to 22654, then back again next cycle.
that's when i noticed clamav always being behind by 1. i ran make 
uninstall, deleted everything under /usr/local/etc, /usr/local/bin, and 
/usr/local/share, then a clean install of clamav 0.74, this was 
friday... i don't see a newer version available. can someone help?


charles x. morrissey
[EMAIL PROTECTED]
