RE: [Clamav-users] Idea for more timely virusdb updates

2004-08-16 Thread Mitch (WebCob)
 I still don't see why rsync can't be used here.  It can
 easily do incremental
 updates.

 True. However,
 (1) many firewall admins allow outgoing HTTP and DNS
 ports; I cannot say the same for rsync port.
 (2) The uncompressed signature (viruses.db*) files is a
 good candidate for rsync (or even a simple diff command).
 I don't know how well rsync or diff performs on the
 compressed-signed *.cvd.

Hmmm... interesting points... but what about this option?

Rsync and diff are generic patching mechanisms meant to accommodate data
without a known format - we don't have that problem here.

My understanding is that for the most part database updates are additions,
though sometimes there may be deletions or updates to preexisting keys

Let's say on the SERVER side, those updates were kept in something of the
form:

version|status|signature|md5

Where version is the version number containing the change...
status is + (new sig), - (remove sig), or = (update sig) (the semantics are
important, the values of the enum are not of course)
and signature contains whatever the current fields of the database are...
md5 would be the checksum of a database if all patches applied to this point
are successful

Then, any freshclam could connect, something like:

http://somemirror.db?version=xxx

The server would then return all updates  xxx, which would allow the
freshclam to patch its local database, and verify the last md5 is a match
for the md5 of the updated local db. If the update fails to produce a
matching checksum, freshclam could then pull a fresh copy in its entirety.


This would mean the mirrors would have to support basic scripting (PHP?) but
we could trade a significant portion of the bandwidth for a few cpu
cycles...

m/



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
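
Mitch's proposal above, worked through as an added example (not part of the original message and not ClamAV or freshclam code): the client applies `version|status|signature|md5` lines, checks the last MD5, and falls back to a full download on any failure. The `Name=pattern` record layout, the one-record-per-line form that is hashed, and all sample signatures are assumptions constructed for illustration.

```python
import hashlib

class PatchError(Exception):
    """The delta could not be applied cleanly to the local database."""

def db_md5(records):
    # Assumed canonical form: one record per line, in stored order.
    # The MD5 only catches transfer or patch errors; it comes from the same
    # mirror as the data, so it is no substitute for the signature on a *.cvd.
    return hashlib.md5("".join(r + "\n" for r in records).encode()).hexdigest()

def sig_name(record):
    # Assumption: a record is "Name=hexpattern" and the name is the key.
    return record.split("=", 1)[0]

def parse_update(line):
    # version|status|signature|md5: a pattern may contain '|' itself, so take
    # two fields from the left and the checksum from the right.
    try:
        version, status, rest = line.rstrip("\n").split("|", 2)
        signature, md5 = rest.rsplit("|", 1)
        version = int(version)
    except ValueError:
        raise PatchError(f"malformed update line: {line!r}") from None
    if status not in ("+", "-", "="):
        raise PatchError(f"unknown status {status!r}")
    return version, status, signature, md5

def apply_one(db, status, signature):
    name = sig_name(signature)
    idx = next((i for i, r in enumerate(db) if sig_name(r) == name), None)
    if status == "+":
        if idx is not None:
            raise PatchError(f"{name} is already present")
        db.append(signature)
    elif idx is None:
        raise PatchError(f"{name} is not in the local database")
    elif status == "-":
        del db[idx]
    else:  # "=": replace the existing record in place
        db[idx] = signature

def apply_updates(records, local_version, feed_lines):
    """Patch a copy of records; return (records, version) or raise PatchError."""
    db, version, expected = list(records), local_version, None
    for line in feed_lines:
        v, status, signature, md5 = parse_update(line)
        if v <= local_version:
            continue  # change already present locally
        if v < version:
            raise PatchError("updates are out of order")
        apply_one(db, status, signature)
        version, expected = v, md5
    # Only the last checksum is verified, as in the proposal.
    if expected is not None and db_md5(db) != expected:
        raise PatchError("checksum mismatch after patching")
    return db, version

def update(records, local_version, fetch_delta, fetch_full):
    """Try the delta first; on any patch failure pull the whole database."""
    try:
        db, version = apply_updates(records, local_version,
                                    fetch_delta(local_version))
        return db, version, "delta"
    except PatchError:
        db, version = fetch_full()
        return db, version, "full"

def build_feed(base, changes):
    """Server side: one feed line per change, with the running checksum."""
    db, lines = list(base), []
    for version, status, signature in changes:
        apply_one(db, status, signature)
        lines.append(f"{version}|{status}|{signature}|{db_md5(db)}")
    return lines, db

# Constructed sample data (not real ClamAV signatures); BASE is "version 454".
BASE = ["Worm.Sample.A=6a6f686e", "Trojan.Sample.B=4d5a(90|91)00"]
FEED, SERVER_DB = build_feed(BASE, [
    (455, "+", "Worm.Sample.C=deadbeef"),
    (456, "=", "Trojan.Sample.B=4d5a(90|91|92)00"),
    (456, "-", "Worm.Sample.A"),
])

def fetch_delta(since):
    # Stands in for GET http://somemirror.db?version=<since>
    return [l for l in FEED if int(l.split("|", 1)[0]) > since]

def fetch_full():
    return list(SERVER_DB), 456

if __name__ == "__main__":
    print(update(BASE, 454, fetch_delta, fetch_full))                       # delta
    print(update(BASE + ["Local.Extra=00"], 454, fetch_delta, fetch_full))  # full
```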


Re: [Clamav-users] OS X with ClamAV

2004-08-16 Thread Terry Allen
I'm in the prelim stages of assembling a new mail server with OS X 
(using regular OS X Panther, not OS X Panther Server).  I'd like to 
use the Postfix daemon (already with Panther) and ClamAV (which I 
can get installed via Fink).  Is there a simple way to get Postfix 
to hand off email to ClamAV for scanning?

Anyone running OS X with ClamAV?
-Bart
Hi Bart,
	Take a look at the Tenon iTools support pages for a 
beginner's guide I wrote on just that - www.tenon.com - although it 
caters for Tenon iTools owners, the things I included are useful for 
people other than iTools owners as well. Look for the Spam & virus 
filtering one - you may also like to check out the one for adding RBL 
blocking while you're there - it's also for Postfix. Hope that's of 
some use.
--

	Bye for now, Terry Allen 
	___
hEARd

Postal Address:
hEARd, 26B Glenning Rd, Glenning Valley, NSW 2261, Australia
Internet -
WWW: http://heard.com.au http://itavservices.com
EMAIL: [EMAIL PROTECTED]
Phone: Australia - 02 4388 1400 / International - + 61 2 43881400
Mobile: Australia - 04 28881400 / International - 61 4 28881400
---
Non profit promotion for new music - since 1994
---


Re: [Clamav-users] Clamd - reloading of database delayed after freshclam update

2004-08-16 Thread Brian Morrison
On Mon, 16 Aug 2004 09:51:31 +0700 in [EMAIL PROTECTED]
Fajar A. Nugraha [EMAIL PROTECTED] wrote:

 Brian Morrison wrote:
 
 Anyone any ideas as to why when freshclam updates daily.cvd, clamd
 does not reload the database until the next integrity check time
 arrives?
 
 I have told freshclam to notify clamd in freshclam.conf and passed
 the correct config file to clamd to ensure it gets the correct
 configuration but still this delay is there.
 
   
 
 Make sure you have this on freshclam.conf :
 NotifyClamd

Yes, I have this.

 
 You'll have something like this on freshclam.log :
 
 --
 Received signal 14, wake up
 ClamAV update process started at Sun Aug 15 17:27:15 2004
 main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder:
 
 tomek)
 daily.cvd updated (version: 454, sigs: 1624, f-level: 2, builder:
 acab) Database updated (23417 signatures) from clamav.antispam.or.id 
 (202.134.0.71).
 *Clamd successfully notified about the update.*

Yes, I get that too.

However, clamd does not immediately report that it has reloaded the
database, that happens the next time the Database check happens. Is that
what you see? If so, then I suppose it is correct.

 --
 
 Also, make sure you're not running really old version of clamav :)

0.75.1

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html




[Clamav-users] Memory Problem

2004-08-16 Thread Wilson Mak
Hi all,
I got at least few error messages a day from the log:
LibClamAV Error: messageAddLine: out of memory
LibClamAV Error: cli_realloc(): Can't re-allocate memory to 24 byte.
Or
LibClamAV Error: cli_realloc(): Can't re-allocate memory to 4391136 byte.
realloc_problem: Cannot allLibClamAV Error: cli_realloc(): Can't 
re-allocate memory to 4391136 byte.

I have already upgraded to clamav-0.75.1 and the softlimit has been 
increased to 4000.

P.S.
On some occasion, clamscan will stick itself to the background and do 
nothing - just eat up CPU resources.  And also, the scanning message 
will stay in the /var/spool/qmailscan/tmp/ and 
/var/spool/qmailscan/working/new and the process will then be 
stopped there.

Any clues how to fix this?
Many thanks,
Wilson



Re: [Clamav-users] OS X with ClamAV

2004-08-16 Thread Pascal Oberndoerfer
 To: [EMAIL PROTECTED]
 From: Bart Silverstrim [EMAIL PROTECTED]
 Date: Sun, 15 Aug 2004 17:21:24 -0400
 Subject: [Clamav-users] OS X with ClamAV
 Reply-To: [EMAIL PROTECTED]
 
 I'm in the prelim stages of assembling a new mail server with OS X
 (using regular OS X Panther, not OS X Panther Server).  I'd like to use
 the Postfix daemon (already with Panther) and ClamAV (which I can get
 installed via Fink).  Is there a simple way to get Postfix to hand off
 email to ClamAV for scanning?
 
 Anyone running OS X with ClamAV?
 
 -Bart

I am using clamd + amavis-new. Good results so far.

See http://www.afp548.com/article.php?story=20040722203023941.

Pascal





RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Andy Fiddaman

On Sun, 15 Aug 2004, Mitch (WebCob) wrote:

;   Please always try to _avoid_ to have cron based internet
;  services run by the
;   hour. Please consider another value than 0. What about 17 or 41
;  as the value
;   for the minute?
; 
;  As per discussions on this list on awhile ago; I use the following for
;  my crontab entry
;0 * * * * sleep $[ $RANDOM \% 1800 ] ; /usr/local/bin/freshclam --quiet
;  this causes it to sleep for a random period of time not exceeding 30 min
;  before executing.
;
; Hmmm - couldn't this THEORETICALLY result in freshclam being run every few
; seconds?
;
; I know it's random, but without a lower end on the value, it is possible -
; right?

No, the cron job only runs on the hour (minute == 0) so it will only run
once per hour at a random time between hh:00 and hh:30.

A.





Re: [Clamav-users] [Solved] SomeFool.P/Q occasionally passing through

2004-08-16 Thread Arthur Kerpician
Todd Lyons wrote:
Nigel Horne wanted us to know:
 

On Friday 13 Aug 2004 8:08 pm, Todd Lyons wrote:
   

I wonder.  If you hit the max threads and are using the clamav-milter,
then it will drop through.  Try picking up the max threads in
clamav.conf and see if that makes a difference.
 

Not true.
   

I thought the default setting in the sendmail.mc file resulted in a
non temp failure passthrough if the milter stopped responding.  No
matter, you know much better than I what is happening.
 

This is how it worked for me...After updating to QS-1.23 no worms got 
through ClamAV. In 4 days NAV didn't detect even one virus and until 
this update I had 2-3 infected messages per day. Hope it stays that way.
Anyway, I'll keep the list updated on the issue.

Thanks all,
Arthur


Re: [Clamav-users] Clamd - reloading of database delayed after freshclam update

2004-08-16 Thread Fajar A. Nugraha
Brian Morrison wrote:
You'll have something like this on freshclam.log :
--
Received signal 14, wake up
ClamAV update process started at Sun Aug 15 17:27:15 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder:
tomek)
daily.cvd updated (version: 454, sigs: 1624, f-level: 2, builder:
acab) Database updated (23417 signatures) from clamav.antispam.or.id 
(202.134.0.71).
*Clamd successfully notified about the update.*
   

Yes, I get that too.
However, clamd does not immediately report that it has reloaded the
database, that happens the next time the Database check happens. Is that
what you see? If so, then I suppose it is correct.
 

Hmmm, now that you mention it, checking my version :
bash-2.03# clamd -V
clamd / ClamAV version devel-20040816
Checking freshclam.log:
--
Received signal 14, wake up
ClamAV update process started at Sun Aug 15 17:27:15 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder: 
tomek)
daily.cvd updated (version: 454, sigs: 1624, f-level: 2, builder: acab)
Database updated (23417 signatures) from clamav.antispam.or.id 
(202.134.0.71).
Clamd successfully notified about the update.
--
Received signal 14, wake up
ClamAV update process started at Mon Aug 16 13:54:14 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder: 
tomek)
daily.cvd updated (version: 455, sigs: 1626, f-level: 2, builder: diego)
Database updated (23419 signatures) from clamav.antispam.or.id 
(202.134.0.71).
Clamd successfully notified about the update.
--
Received signal 14, wake up
ClamAV update process started at Mon Aug 16 15:54:14 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder: 
tomek)
daily.cvd updated (version: 456, sigs: 1627, f-level: 2, builder: diego)
Database updated (23420 signatures) from clamav.antispam.or.id 
(202.134.0.71).
Clamd successfully notified about the update.
--

Checking clamd.log :
Mon Aug 16 10:54:20 2004 - Database correctly reloaded (23417 viruses)
Mon Aug 16 13:54:19 2004 - Database correctly reloaded (23419 viruses)
Mon Aug 16 15:54:20 2004 - Database correctly reloaded (23420 viruses)
Which means for daily.cvd version 455 and 456, my clamd was reloaded 
soon (few seconds) after freshclam notified clamd, which is perfectly 
acceptable. However, version 454 was loaded almost one day (!) after 
freshclam notified clamd. I'm puzzled here.

Perhaps it's because 454 was the version that was supposed to reach 
mirrors very very late. Perhaps because today's snapshot fixed the 
problem (see my clamd version), although I can't see it in Changelog. 
Anyway, I can say that today's devel version worked fine here.

Regards,
Fajar
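
The comparison made by eye in the message above, as an added example (not part of the original message and not ClamAV code): each freshclam run is paired with the clamd reload that reports the same signature count, and the delay between them is computed. The log lines are the ones quoted above with the mail line wrapping undone; the function names and the 60-second threshold are assumptions.

```python
import re
from datetime import datetime

TS = "%a %b %d %H:%M:%S %Y"   # e.g. "Sun Aug 15 17:27:15 2004"

# Log excerpts from the message above, unwrapped.
FRESHCLAM_LOG = """\
--
Received signal 14, wake up
ClamAV update process started at Sun Aug 15 17:27:15 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder: tomek)
daily.cvd updated (version: 454, sigs: 1624, f-level: 2, builder: acab)
Database updated (23417 signatures) from clamav.antispam.or.id (202.134.0.71).
Clamd successfully notified about the update.
--
Received signal 14, wake up
ClamAV update process started at Mon Aug 16 13:54:14 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder: tomek)
daily.cvd updated (version: 455, sigs: 1626, f-level: 2, builder: diego)
Database updated (23419 signatures) from clamav.antispam.or.id (202.134.0.71).
Clamd successfully notified about the update.
--
Received signal 14, wake up
ClamAV update process started at Mon Aug 16 15:54:14 2004
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder: tomek)
daily.cvd updated (version: 456, sigs: 1627, f-level: 2, builder: diego)
Database updated (23420 signatures) from clamav.antispam.or.id (202.134.0.71).
Clamd successfully notified about the update.
--
"""

CLAMD_LOG = """\
Mon Aug 16 10:54:20 2004 - Database correctly reloaded (23417 viruses)
Mon Aug 16 13:54:19 2004 - Database correctly reloaded (23419 viruses)
Mon Aug 16 15:54:20 2004 - Database correctly reloaded (23420 viruses)
"""

def parse_freshclam(text):
    """One dict per update run: start time, daily.cvd version, total sigs."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"ClamAV update process started at (.+)$", line)
        if m:
            cur = {"started": datetime.strptime(m.group(1), TS),
                   "daily": None, "sigs": None, "notified": False}
            runs.append(cur)
        elif cur is None:
            continue
        elif (m := re.match(r"daily\.cvd updated \(version: (\d+)", line)):
            cur["daily"] = int(m.group(1))
        elif (m := re.match(r"Database updated \((\d+) signatures\)", line)):
            cur["sigs"] = int(m.group(1))
        elif line.startswith("Clamd successfully notified"):
            cur["notified"] = True
    return runs

def parse_clamd(text):
    """(timestamp, signature count) for every reload line."""
    pat = re.compile(r"^(.+?) - Database correctly reloaded \((\d+) viruses\)")
    out = []
    for line in text.splitlines():
        m = pat.match(line.strip())
        if m:
            out.append((datetime.strptime(m.group(1), TS), int(m.group(2))))
    return out

def reload_delays(freshclam_text, clamd_text):
    """Map daily.cvd version -> seconds from update start to matching reload.

    freshclam.log does not timestamp the notification itself, so the delay is
    measured from the start of the run. None means no matching reload was
    logged. Both logs are assumed to come from the same host and time zone.
    """
    reloads = parse_clamd(clamd_text)
    delays = {}
    for run in parse_freshclam(freshclam_text):
        if not run["notified"] or run["sigs"] is None:
            continue
        hit = next((t for t, n in reloads
                    if n == run["sigs"] and t >= run["started"]), None)
        delays[run["daily"]] = (None if hit is None
                                else int((hit - run["started"]).total_seconds()))
    return delays

def late_reloads(delays, threshold=60):
    """Versions whose reload is missing or came later than threshold seconds."""
    return sorted(v for v, d in delays.items() if d is None or d > threshold)

if __name__ == "__main__":
    d = reload_delays(FRESHCLAM_LOG, CLAMD_LOG)
    for version, secs in d.items():
        print(version, "no reload logged" if secs is None else f"{secs} s")
    print("late:", late_reloads(d))
```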


[Clamav-users] Leak on Linux 2.4

2004-08-16 Thread Daniel Tiefnig
Hej,
JFYI:
I'm running ClamAV 0.75.1 as a daemon on one of my Linux 2.4.26 boxes,
and first I'd like to state, that it's _way_ better than 0.65, I tried
some time ago. Great job.
I'm logging process statistics regularly, and discovered this strange
behaviour in my ps aux log:
(ps aux|grep clamd, commandline snipped in ps output)
| Fri Aug 13 18:45:28 CEST 2004
| root  1148  0.0  0.7 26996 14780 ?   SAug12   0:06
| root  5405  0.0  0.7 26996 14780 ?   SAug12   0:00
| root 30296  0.7  0.7 26996 14780 ?   S02:45   7:27
| root 31529  0.9  0.7 26996 14780 ?   S02:47   8:41
| root 13660  0.9  0.7 26996 14780 ?   S07:56   6:27
| root 13667  1.1  0.7 26996 14780 ?   S07:56   7:32
| root 13670  0.9  0.7 26996 14780 ?   S07:56   6:11
| Fri Aug 13 18:46:28 CEST 2004
| root  1148  0.0  1.3 31692 27852 ?   SAug12   0:06
| root  5405  0.0  1.3 31692 27852 ?   SAug12   0:00
| root  3197  0.4  1.3 31692 27852 ?   S18:46   0:00
Looks like clamd's children crashed/got killed/disappeared and clamd parent
has problems cleaning up after them. (Really just a wild guess!) Can't
reproduce or tell what Clam did when this happened, though. I'll increase
logging and maybe I can get some error or the like from clamdscan output
when/if this happens next time.
Do people experience similar things on their Linux Boxes? This is Linux
2.4.26 SMP on a dual XEON.
lg,
daniel


Re: [Clamav-users] Leak on Linux 2.4

2004-08-16 Thread Roman Suzi

I am not sure why you worry. Can't see anything unusual.
The number of clamd processes is dynamic except for two
watchdogs.

Sincerely yours, Roman A.Suzi
-- 
 - Petrozavodsk - Karelia - Russia - mailto:[EMAIL PROTECTED] -

On Mon, 16 Aug 2004, Daniel Tiefnig wrote:

 Hej,

 JFYI:
 | Fri Aug 13 18:45:28 CEST 2004
 | root  1148  0.0  0.7 26996 14780 ?   SAug12   0:06
 | root  5405  0.0  0.7 26996 14780 ?   SAug12   0:00
 | root 30296  0.7  0.7 26996 14780 ?   S02:45   7:27
 | root 31529  0.9  0.7 26996 14780 ?   S02:47   8:41
 | root 13660  0.9  0.7 26996 14780 ?   S07:56   6:27
 | root 13667  1.1  0.7 26996 14780 ?   S07:56   7:32
 | root 13670  0.9  0.7 26996 14780 ?   S07:56   6:11
 | Fri Aug 13 18:46:28 CEST 2004
 | root  1148  0.0  1.3 31692 27852 ?   SAug12   0:06
 | root  5405  0.0  1.3 31692 27852 ?   SAug12   0:00
 | root  3197  0.4  1.3 31692 27852 ?   S18:46   0:00




RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Mitch (WebCob)
 No, the cron job only runs on the hour (minute == 0) so it will only run
 once per hour at a random time between hh:00 and hh:30.
 
 A.
 

D'oh! Note to self - don't think you are smart when you're tired! Thanks.




Re: [Clamav-users] Leak on Linux 2.4

2004-08-16 Thread Daniel Tiefnig
Roman Suzi wrote:

> I am not sure why you worry. Can't see anything unusual.

So you say it's usual, that clamd uses 14M of memory for about one day,
and then suddenly jumps to 27M? Weird.

> The number of clamd processes is dynamic except for two watchdogs.

That's not the problem. I see I wasn't clear on that in my original
mail. The problem is that clamd is using nearly twice as much memory as
it was a minute before...
lg,
daniel


[Clamav-users] contrib/init/RedHat suggested patch

2004-08-16 Thread Damian Menscher
The sample init scripts (for RedHat) start clamd and clamav-milter at
sequence numbers 90 and 91.  The RH default sendmail starts at sequence
number 80.  I'd ignored this when setting things up before, since I
figured being vulnerable to viruses for a few seconds at boot time was
acceptable.  But this is probably something that should be fixed... I
saw today that 9 messages came in during the two seconds that sendmail
was up and clamav-milter was not.  Lowering those numbers (presumably to
78 and 79) would be a better default.

Damian Menscher
-- 
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Mike Robinson
Why not just do what I've been working on.  Just set up a procmail rule
that runs freshclam whenever you get a message from the clamav-virusdb
list.  It should work just as good as the clamav team sending you a
virusdb push every time the database is updated.

Regards,
Mike

Mike Robinson, UNIX Administrator
E-mail: [EMAIL PROTECTED] 
Information Technology
http://www.marietta.edu/~robinsom
Marietta College

215 5th St
Voice: (740) 376-4616
Marietta, OH  45750
Fax:   (740) 376-4896



Re: [Clamav-users] Memory Problem

2004-08-16 Thread Todd Lyons
Wilson Mak wanted us to know:

> On some occasion, clamscan will stick itself to the background and do
> nothing - just eat up CPU resources.  And also, the scanning message
> will stay in the /var/spool/qmailscan/tmp/ and
> /var/spool/qmailscan/working/new and the process will then be
> stopped there.
> Any clues how to fix this?

Are you using clamscan or clamdscan?  If you are using clamscan, your
memory usage will be very high.  If you are using clamdscan, it's just a
wrapper that passes it to clamd which is not memory limited by softlimit
(unless you feel like adding it to the init script).
-- 
Regards...  Todd
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.   --Benjamin Franklin
Linux kernel 2.6.3-15mdkenterprise   2 users,  load average: 0.00, 0.01, 0.00




RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Brian Read
At 18:53 16/08/2004, Mike Robinson wrote:

> Why not just do what I've been working on.  Just set up a procmail rule
> that runs freshclam whenever you get a message from the clamav-virusdb
> list.  It should work just as good as the clamav team sending you a
> virusdb push every time the database is updated.

Can you give us the detail of that rule?  I've also been meaning to do that
for months, but not got round to it.


Cheers
Brian
--
Brian J Read
www.abandonmicrosoft.co.uk
www.theonlineorganiser.com
www.thepersonalknowledgebase.com
+44 1695 723723

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 11/08/2004


Re: [Clamav-users] contrib/init/RedHat suggested patch

2004-08-16 Thread Richard A Nelson
On Mon, 16 Aug 2004, Damian Menscher wrote:

 The sample init scripts (for RedHat) start clamd and clamav-milter at
 sequence numbers 90 and 91.  The RH default sendmail starts at sequence
 number 80.  I'd ignored this when setting things up before, since I
 figured being vulnerable to viruses for a few seconds at boot time was
 acceptable.  But this is probably something that should be fixed... I
 saw today that 9 messages came in during the two seconds that sendmail
 was up and clamav-milter was not.  Lowering those numbers (presumably to
 78 and 79) would be a better default.

Good plan, I did that for Debian - made sendmail start After the
milters, and end Before them...  It has helped reduce the clutter in
/var/mail/mail.log.

It shouldn't, however, change if a virus is accepted - since sendmail
should be tempfailing mail until the milters are functioning.

-- 
Rick Nelson
Life'll kill ya -- Warren Zevon
Then you'll be dead -- Life'll kill ya





Re: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Niek
On 8/16/2004 7:53 PM GMT+2, Mike Robinson wrote:

> Why not just do what I've been working on.  Just set up a procmail rule
> that runs freshclam whenever you get a message from the clamav-virusdb
> list.  It should work just as good as the clamav team sending you a
> virusdb push every time the database is updated.

I don't know what your return times of the sourceforge mailing lists are.
But over here, it can take up to 1.5, 2 hours during USA daytime.
Regards,
Niek Baakman


RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Mike Robinson
:0
* ^X-BeenThere:[EMAIL PROTECTED]
| nice -n 5 /usr/local/bin/freshclam --quiet

This one should work...not certain, but that's as far as I've gotten so
far...


Regards,
Mike


RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Denis De Messemacker
On Mon, 2004-08-16 at 19:53, Mike Robinson wrote:
 Why not just do what I've been working on.  Just set up a procmail rule
 that runs freshclam whenever you get a message from the clamav-virusdb
 list.  It should work just as good as the clamav team sending you a
 virusdb push every time the database is updated.
 
 Regards,
 Mike
 

You should not do that, here are two reasons:

Firstly, there is a long delay between the moment when a maintainer does
an update and the receipt of the mail in clamav-virusdb. Often 2 or 3
hours. Sourceforge mailing lists are actually posting messages 2 hours
after posting. Maintainer has also to make the announcement and complete
the processing of the samples after the update. This can sometimes take 1
hour.
hour.

Secondly, you could have a problem receiving mails, Sourceforge could
have difficulties, or we could forget to post the notification. Last
point never happened, but who knows ...

Best regards, 

Denis De Messemacker

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner





RE: [Clamav-users] Freshclam cron interval {Revisado por Antivirus}

2004-08-16 Thread Mike Robinson
Ok, so we can't do that, but can you suggest a better method than
running freshclam every hour?  I would think that the clamav development
team would be interested in doing a push to sites that wanted them,
because these are probably the same sites that update on an hourly basis
right now.
 
Regards,
Mike



Re: [Clamav-users] contrib/init/RedHat suggested patch

2004-08-16 Thread Damian Menscher
On Mon, 16 Aug 2004, Todd Lyons wrote:

 It shouldn't, however change if a virus is accepted - since sendmail
 should be tempfailing mail until the milters are functioning.

 Incorrect, depending on how you define your milter call for sendmail.

 So by not specifying an F=T setting, you're telling it to pass it
 through in the event of clamav-milter failure.  I'm not sure what the
 case would be if clamav-milter was still fully functional, but clamd
 failed.

It does bad things, by default (tempfailing the mail, as I recall).  The
fix is to give the --dont-scan-on-error option to your clamav-milter.

My full set of clamav-milter flags are:
CLAMAV_FLAGS="--quiet --headers --noxheader --dont-log-clean --dont-scan-on-error --max-children=10 local:/var/run/clamav/clmilter.sock"

I'd encourage the developers to make this the recommended default, since
anything else is just plain silly.  ;)

Damian Menscher
-- 
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-




Re: [Clamav-users] Errors with MacOS X Panther and libbz2

2004-08-16 Thread Randall Perry
I was able to compile and install ok using darwinports.
http://darwinports.opendarwin.org/

 Hello all.
 
 I have a problem with make on MacOS X Panther 10.3.5. I searched the
 archives and found the usual run 'sudo ranlib /usr/lib/libbz2.a'  tip.
 However this does _not_ work for me (and someone else on this list).
 
 Scanning works though, but if I try to compile pyclamav it complains about
 missing linker symbols for:
 
 -
 ld: Undefined symbols:
 _BZ2_bzRead
 _BZ2_bzReadClose
 _BZ2_bzReadOpen
 error: command 'gcc' failed with exit status 1
 -
 
 
 Strange though that ./configure seems to know about libbz2:
 
 -
 checking for bzReadOpen in -lbz2... no
 checking bzlib.h usability... yes
 checking bzlib.h presence... yes
 checking for bzlib.h... yes
 -
 
 
 This occurred with clamav-0.74 and clamav-0.75.1.
 
 Here's my output:
 
 -
 /bin/sh ../libtool --mode=link gcc  -g -O2   -o libclamav.la -rpath
 /usr/local/lib -version-info 1:4:0 matcher.lo md5.lo others.lo readdb.lo
 cvd.lo dsig.lo str.lo scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo
 zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo
 blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo
 ole2_extract.lo vba_extract.lo msexpand.lo -lz -lbz2 -lgmp
 rm -fr .libs/libclamav.la .libs/libclamav.* .libs/libclamav.*
 
 *** Warning: linker path does not have real file for library -lbz2.
 *** I have the capability to make that library automatically link in when
 *** you link to this library.  But I can only do this if you have a
 *** shared version of the library, which you do not appear to have
 *** because I did check the linker path looking for a file starting
 *** with libbz2 and none of the candidates passed a file format test
 *** using a file magic. Last file checked: /usr/lib/libbz2.a
 *** The inter-library dependencies that have been dropped here will be
 *** automatically added whenever a program is linked with this library
 *** or is declared to -dlopen it.
 gcc -dynamiclib -flat_namespace -undefined suppress -o
 .libs/libclamav.1.0.4.dylib  matcher.lo md5.lo others.lo readdb.lo cvd.lo
 dsig.lo str.lo scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo
 zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo
 blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo
 ole2_extract.lo vba_extract.lo msexpand.lo  -lz -L/usr/local/lib -lgmp -lc
 -install_name  /usr/local/lib/libclamav.1.dylib -compatibility_version 2
 -current_version 2.4
 -
 
 
 Any help would be greatly appreciated!
 
 Thanks in advance!
 
 Pascal
 
 
 

-- 
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Design/Development
WebObjects Hosting
Mac Consulting/Sales

http://www.systame.com/






Re: [Clamav-users] freshclam --quiet warnings/bugs

2004-08-16 Thread Rob Chanter
On Sun, Aug 15, 2004 at 05:31:54PM +0200, Micha Silver wrote:
  
  I would love to get emailed a notice when the virus database 
  has been updated, and when it tried but failed.
 
 I use the two options in freshclam.conf: OnUpdateExecute and OnErrorExecute
 to call a small script that sends me a success (or failure when that
 happens) message each time. Quick and dirty. Works fine.
 
I do the same. I leave the retries to my freshclam-failed.sh script.

freshclam-update.sh:

-
#!/bin/sh
# Mail details of a successful DB update to virusadmin.

# Set notify address as required
VIRUSADM="[EMAIL PROTECTED]"

# Environment and scratch files.
SIGTOOL=/usr/local/bin/sigtool
VIRUSDBDIR=/var/amavisd/virusdb
MYHOSTNAME=`/usr/bin/hostname`
VINFO=/tmp/siginfo.`date +%H%M%S`

# shouldn't be necessary if clam was linked correctly
LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

# Append the sigtool info for each database file to the scratch file.
for i in ${VIRUSDBDIR}/*.cvd
do
echo >> $VINFO
echo "SIGTOOL INFO FOR ${i}" >> $VINFO
echo >> $VINFO
${SIGTOOL} --stdout --info $i >> $VINFO
echo >> $VINFO
done

# Mail the collected report, reading the body from the scratch file.
mailx -s "freshclam update succeeded for ${MYHOSTNAME}" $VIRUSADM < $VINFO

rm $VINFO

-
freshclam-failed.sh

#!/bin/sh
# Mail to be sent when freshclam fails.

# Set notify address as required
VIRUSADM="[EMAIL PROTECTED]"
MYHOSTNAME=`/usr/bin/hostname`
FCINFO=/tmp/fcinfo.`date +%H%M%S`

echo "The ClamAV updater freshclam has failed for some reason." >> $FCINFO
echo "Please investigate (/var/log/clamav.log might be useful)." >> $FCINFO
echo >> $FCINFO
echo "Trying again ..." >> $FCINFO
echo >> $FCINFO

# try again and touch the failed file if it still fails so we know
# when the last actual failure was.
/usr/local/bin/freshclam --stdout \
  --on-error-execute="touch /var/amavisd/freshclam-failed" >> $FCINFO

# Mail the report, reading the body from the scratch file.
mailx -s "Freshclam update FAILED on ${MYHOSTNAME}" $VIRUSADM < $FCINFO

rm $FCINFO
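
A hardened variant of the freshclam-update.sh hook above, as an added example that is not part of the original post: the scratch file comes from mktemp instead of a time-derived name in /tmp, so another local user cannot pre-create or symlink that path before the hook writes to it. The function names, the overridable SIGTOOL/VIRUSDBDIR defaults and the availability of mktemp(1) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes mktemp(1) and mailx;
# SIGTOOL and VIRUSDBDIR default to the post's paths but can be overridden.
SIGTOOL=${SIGTOOL:-/usr/local/bin/sigtool}
VIRUSDBDIR=${VIRUSDBDIR:-/var/amavisd/virusdb}

# make_scratch: create an unpredictable scratch file and print its path.
# mktemp creates it exclusively with mode 0600, so a file or symlink planted
# at a guessable /tmp name cannot capture or redirect the report.
make_scratch() {
    mktemp "${TMPDIR:-/tmp}/siginfo.XXXXXXXXXX"
}

# build_report FILE: append "sigtool --info" output for each .cvd to FILE.
# Returns 0 on success, 1 if no database was found, 2 if sigtool failed.
build_report() {
    report=$1
    found=1
    for db in "$VIRUSDBDIR"/*.cvd; do
        [ -f "$db" ] || continue      # an unmatched glob stays literal
        {
            echo
            echo "SIGTOOL INFO FOR $db"
            echo
            "$SIGTOOL" --stdout --info "$db"
        } >> "$report" || return 2
        found=0
    done
    return "$found"
}

# notify ADDRESS: mail the report, removing the scratch file on every path.
notify() {
    scratch=$(make_scratch) || return 1
    if build_report "$scratch"; then
        subject="freshclam update succeeded for $(hostname)"
    else
        subject="freshclam updated, but sigtool report failed on $(hostname)"
    fi
    mailx -s "$subject" "$1" < "$scratch"
    status=$?
    rm -f "$scratch"
    return "$status"
}

# Run only when an address is given, e.g. from OnUpdateExecute.
if [ $# -gt 0 ]; then
    notify "$1"
fi
```

Quoting every expansion also keeps the hook working if the database directory path ever contains spaces.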






Re: [Clamav-users] Memory Problem

2004-08-16 Thread Wilson Mak
Hi Todd,
On some occasion, clamscan will stick itself to the background and do 
nothing - just eat up CPU resources.  And also, the scanning message 
will stay in the /var/spool/qmailscan/tmp/ and 
/var/spool/qmailscan/working/new and the process will then be 
stopped there.
Any clues how to fix this?
   

Are you using clamscan or clamdscan?  If you are using clamscan, your
memory usage will be very high.  If you are using clamdscan, it's just a
wrapper that passes it to clamd which is not memory limited by softlimit
(unless you feel like adding it to the init script).
 

Thanks for your prompt reply.  I am using clamscan. Initially, I set the 
softlimit to 1500 and it always got the error messages "Can't 
re-allocate memory to xxx bytes".  And then I set it to 1800, it 
reduces lots of these error messages - but still got some.  So I try 
increasing it to avoid getting these errors.  Perhaps, what is the best 
value of softlimit if my box got 512M RAM.

Many thanks,
Wilson



[Clamav-users] Freshclam errors

2004-08-16 Thread Randall Perry
Getting warning on signature and error on write. How do I fix?


ClamAV update process started at Mon Aug 16 23:22:04 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
main.cvd is up to date (version: 24, sigs: 21793, f-level: 2, builder:
tomek)
ERROR: Can't open new file ./clamav-18d5879888c45d2c to write
ERROR: Can't download daily.cvd from 64.69.64.158

-- 
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Design/Development
WebObjects Hosting
Mac Consulting/Sales

http://www.systame.com/






Re: [Clamav-users] Freshclam errors

2004-08-16 Thread Jeff Smelser
On Monday 16 August 2004 10:23 pm, Randall Perry wrote:
 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES

http://www.clamav.net/faq.html
-- 
===
Jabber: tradergt@(smelser.org|jabber.org)
Quote:Inaccuracy can save a lot of explanation.
===

