Re: [Clamav-users] clamd problems

2004-10-10 Thread D Walsh
On Oct 10, 2004, at 15:38, Steven Westbrook wrote:
Ok.. I don't see UnixSocket.
I've included  my clamd.conf file...
thanks,
steve
--
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
#Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock

# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 0

# Log time with each message.
# Default: disabled
LogTime
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
LogSyslog
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
# Default: disabled
#LogVerbose
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/run/clamav/clamd.sock
change to:
# LocalSocket /var/run/clamav/clamd.sock
# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket
# TCP port address.
# Default: disabled
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 15
MaxConnectionQueueLength 30
# Close the connection if this limit is exceeded.
# Default: 10M
#StreamMaxLength 20M
# Maximal number of threads running at the same time.
# Default: 10
MaxThreads 50
# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
ReadTimeout 300

# Maximal depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks
# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks
# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 VIRUS ALERT: %v
# Run as a selected user (clamd must be started by root).
# Default: disabled
User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
AllowSupplementaryGroups

# Don't fork into background.
# Default: disabled
#Foreground
# Enable debug messages in libclamav.
# Default: disabled
#Debug
# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles
# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable selected ones below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions

##
## Executable files
##
# PE stands for Portable Executable - it's an executable file format used
# in all 32-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: enabled
#ScanPE

# With this option clamav will try to detect broken executables and mark
# them as Broken.Executable
# Default: disabled
DetectBrokenExecutables

##
## Documents
##
# This option enables scanning of Microsoft Office document macros.
# Default: enabled
#ScanOLE2
##
## Mail files
##
# Enable internal e-mail scanner.
# Default: enabled
ScanMail
# If an email contains URLs ClamAV can download and scan them.
# 

RE: [Clamav-users] clamd problems

2004-10-10 Thread D.J. Fan
I'm having a problem getting clamd to start.  I'm using the 
clamav09.80rc3-1 rpm.  I tried setting up the clamav milter and I enabled 
LocalSocket /var/run/clamav/clamd.sock.  When I try starting it, I get this 
error:

Why is this happening?  I'm not sure how to turn off the local mode.
I don't know if this is your problem, but:
Don't use both LocalSocket and TCPSocket, choose one.
I use LocalSocket
This may possibly help:
http://www.xmission.com/~jmcrc/clamav-amavisd-new.html

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
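
The advice in this reply (use LocalSocket or TCPSocket, not both) can be checked mechanically before restarting clamd. This is an added example, not part of the original messages or of ClamAV: it reads clamd.conf text, reports when both modes are active, and also flags TCPSocket without TCPAddr, which the config file's own comment says binds to INADDR_ANY. The finding codes and the sample strings are constructed for illustration.

```python
"""Lint the listening settings of a clamd.conf (added example, not ClamAV code)."""

# Constructed samples: the socket-related lines of the two configs quoted in
# this thread, plus the local-only variant suggested in the reply.
BOTH_MODES = """\
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
TCPSocket 3310
TCPAddr 127.0.0.1
"""
TCP_ANY = """\
#LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
TCPSocket 3310
#TCPAddr 127.0.0.1
"""
LOCAL_ONLY = """\
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
#TCPSocket 3310
#TCPAddr 127.0.0.1
"""


def active_directives(conf_text):
    """Map each uncommented directive name to its value ('' for flags)."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out option
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1] if len(parts) > 1 else ""
    return opts


def check_listen_mode(conf_text):
    """Return finding codes for the socket settings, empty list if consistent."""
    opts = active_directives(conf_text)
    local, tcp = "LocalSocket" in opts, "TCPSocket" in opts
    findings = []
    if local and tcp:
        findings.append("both-modes")       # thread advice: choose one
    if not local and not tcp:
        findings.append("no-socket")        # nothing for clients to connect to
    if tcp and "TCPAddr" not in opts:
        findings.append("tcp-any-address")  # config comment: binds INADDR_ANY
    if tcp and not opts["TCPSocket"].isdigit():
        findings.append("bad-port")         # TCPSocket takes a port number
    return findings


if __name__ == "__main__":
    for name, text in (("both", BOTH_MODES), ("tcp-any", TCP_ANY),
                       ("local-only", LOCAL_ONLY)):
        print(name, check_listen_mode(text) or "ok")
```
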


[Clamav-users] repeated scanning

2004-10-10 Thread Rick Weinbender
Hi,
I'm running clamav with qmail on Debian Stable Linux.
*
My .qmail file for any particular user looks like
this:
 |/usr/local/bin/clamdscan -d /usr/local/share/clamav
-* 
My testbox is working fine, but I've noticed on a
clean system that if I send a test eicar virus to an
email account,
it seems like qmail keeps attempting to deliver and
clamav keeps blocking.
This happens for about a week, then the test virus
gets auto-emailed back to me as a failure to deliver
notice.
*
My concern is that the system is kept extra busy with
this delivery-attempt-then-block activity.
*
Wouldn't the virus-bearing email just get deleted and
stay deleted?
*
How could I fix this so that the email is deleted
the first time it is detected?
*
Thanks,
-Rick

Part of Clamav.log below
(notice Eicar keeps being discovered over and over)
Wed Oct  6 18:37:42 2004 - Self checking every 3600 seconds.
Wed Oct  6 18:37:45 2004 - stream: Eicar-Test-Signature FOUND
Wed Oct  6 18:37:46 2004 - stream: Eicar-Test-Signature FOUND
Wed Oct  6 20:29:35 2004 - No stats for Database check - forcing reload
Wed Oct  6 20:29:35 2004 - stream: Eicar-Test-Signature FOUND
Wed Oct  6 20:29:35 2004 - Reading databases from /var/lib/clamav/
Wed Oct  6 20:29:36 2004 - Database correctly reloaded (24215 viruses)
Wed Oct  6 20:29:36 2004 - stream: Eicar-Test-Signature FOUND




RE: [Clamav-users] clamd problems

2004-10-10 Thread Steven Westbrook
Thank you everyone, it looks like I've got it working..
thanks,
steve
On Sun, 10 Oct 2004, D.J. Fan wrote:
I'm having a problem getting clamd to start.  I'm using the 
clamav09.80rc3-1 rpm.  I tried setting up the clamav milter and I enabled 
LocalSocket /var/run/clamav/clamd.sock.  When I try starting it, I get this 
error:

Why is this happening?  I'm not sure how to turn off the local mode.
I don't know if this is your problem, but:
Don't use both LocalSocket and TCPSocket, choose one.
I use LocalSocket
This may possibly help:
http://www.xmission.com/~jmcrc/clamav-amavisd-new.html


Re: [Clamav-users] ClamAV unable to open directory

2004-10-10 Thread Jari
John, please take another look at my first email. The directory permissions 
are 750, user/group vscan/vscan.

Jari
[EMAIL PROTECTED] root]# ls -la /var/lib/clamav/
total 1356
drwxr-x---    2 vscan    vscan        4096 Oct 10 02:47 .
drwxr-xr-x   21 root     root         4096 Oct 10 14:08 ..
-rw-r--r--    1 vscan    vscan       82119 Oct 10 02:47 daily.cvd
-rw-r--r--    1 vscan    vscan     1284637 Oct  9 14:47 main.cvd
- Original Message - 
From: John Jolet [EMAIL PROTECTED]
To: ClamAV users ML [EMAIL PROTECTED]
Sent: Sunday, October 10, 2004 2:56 PM
Subject: Re: [Clamav-users] ClamAV unable to open directory


you showed us the permissions on the CONTENTS of /var/lib/clamav, not the
permissions/ownership on the directory itself.


Re: [Clamav-users] ClamAV unable to open directory

2004-10-10 Thread Jari
I've changed the directory permissions to 0775, still having the same 
problem.

Jari
- Original Message - 
From: Bill Maidment [EMAIL PROTECTED]
To: ClamAV users ML [EMAIL PROTECTED]
Sent: Sunday, October 10, 2004 9:38 PM
Subject: Re: [Clamav-users] ClamAV unable to open directory


Jari wrote:
John, please take another look at my first email. The directory
permissions are 750, user/group vscan/vscan.
Jari
Try 0775. That works for me.
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd
numbered words (every other word beginning with the first) of the
message above. If you have violated that, then you hereby owe the sender
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see
http://www.goldmark.org/jeff/stupid-disclaimers/)





Re: [Clamav-users] ClamAV unable to open directory

2004-10-10 Thread D Walsh
How about telling us what app is trying to write to this file?
What is its user ID?
What is its group ID?
Biggest problem I've seen is that people are using amavisd and clamav  
and these apps are controlled by different user/groups and this  
conflict causes lots of problems.

If you have this configuration, I suggest you select one user/group ID  
and change all related files/folders to that (with the exception of the  
binaries which should be root/admin or root/wheel)

If you are still experiencing this problem then it would be much easier  
to figure what the problem is since some defaults have been established  
and stupid questions can be skipped.

-- Da;e
On Oct 10, 2004, at 21:47, Jari wrote:
I've changed the directory permissions to 0775, still having the same  
problem.

Jari
- Original Message - From: Bill Maidment  
[EMAIL PROTECTED]
To: ClamAV users ML [EMAIL PROTECTED]
Sent: Sunday, October 10, 2004 9:38 PM
Subject: Re: [Clamav-users] ClamAV unable to open directory


Jari wrote:
John, please take another look at my first email. The directory
permissions are 750, user/group vscan/vscan.
Jari
Try 0775. That works for me.
--  
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/

Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd
numbered words (every other word beginning with the first) of the
message above. If you have violated that, then you hereby owe the  
sender
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see
http://www.goldmark.org/jeff/stupid-disclaimers/)




RE: [Clamav-users] 0.75.1-80rc3 rpm failure??

2004-10-10 Thread Cory Megitt [ClamAV]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Sunday, October 10, 2004 12:51 PM
To: ClamAV users ML
Subject: Re: [Clamav-users] 0.75.1-80rc3 rpm failure??

Cory Megitt [ClamAV] wrote:

 Well, anyways, I went through the qmailrocks.org site, and instead of 
 using their clamav binaries, I used the newer ones from clamav.net.
 Everything seems to work right, except for the clamd.log file -- it's 
 still 0 bytes long and isn't getting updated at all.
  
 Any ideas about that one? 


 Permissions?

Matt


Sorry about that ..

Here they are:  (let me know if there's anything else you'd need to see).
Thanks :)


[EMAIL PROTECTED] clamav]$ ls -al
total 12
drwxr-xr-x   2 clamav clamav 4096 Oct  9 22:19 .
drwxr-xr-x  15 root   root   4096 Oct 10 04:05 ..
-rw-r--r--   1 clamav clamav    0 Oct  9 22:13 clamd.log
-rw-------   1 clamav clamav 1155 Oct 10 02:00 clam-update.log

And the clamd.conf file:

[EMAIL PROTECTED] etc]$ cat clamd.conf
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock

# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 0

# Log time with each message.
# Default: disabled
LogTime

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled
#LocalSocket /var/run/clamav/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
MaxConnectionQueueLength 30

# Close the connection if this limit is exceeded.
# Default: 10M
#StreamMaxLength 20M

# Maximal number of threads running at the same time.
# Default: 10
MaxThreads 50

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
ReadTimeout 300

# Maximal depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 VIRUS ALERT: %v

# Run as a selected user (clamd must be started by root).
# Default: disabled
User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
AllowSupplementaryGroups

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles


# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable 

[Clamav-users] Cobalt RaQ2 Compile Errors

2004-10-10 Thread Jeff Ball
The Cobalt RaQ2 has the following...
gcc-c++-2.7.2-c3r2
gcc-objc-2.7.2-c3r2
gcc-2.7.2-c3r2
glibc-2.0.7-29.4C2
and  0.80rc3 will not build.  again.
I'm wondering if I should work on making a new patch, wait longer, or just 
give up because I will never have a newer compiler, etc... and clamav will 
require them?

[root redhat]# rpm -ba SPECS/clamav.spec
Executing: %prep
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd /usr/src/redhat/BUILD
+ /bin/gzip -dc /usr/src/redhat/SOURCES/clamav-0.80rc3.tar.gz
+ tar -xvvf -
+ STATUS=0
+ [ 0 -ne 0 ]
+ cd clamav-0.80rc3
+ chown -R root .
+ chgrp -R root .
+ chmod -R a+rX,g-w,o-w .
+ echo Patch #0:
Patch #0:
+ patch -p1 -s
+ exit 0
Executing: %build
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd clamav-0.80rc3
+ 
./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin 
--sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib 
--libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/man 
--infodir=/usr/info --enable-debug --enable-id-check --disable-clamav --with-user=clamav 
--with-group=clamav --disable-bzip2 --with-dbdir=/var/lib/clamav
checking build system type... mipsel-pc-linux-gnu
checking host system type... mipsel-pc-linux-gnu
checking target system type... mipsel-pc-linux-gnu
creating target.h - canonical system defines
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gawk... (cached) gawk
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc
1checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for ld used by GCC... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking how to recognise dependant libraries... file_magic ELF 
[0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )
checking command to parse /usr/bin/nm -B output... ok
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... no
checking for stdint.h... no
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking for file... /usr/bin/file
checking for ranlib... ranlib
checking for strip... strip
checking for objdir... .libs
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.lo... yes
checking if gcc supports -fno-rtti -fno-exceptions... no
checking whether the linker (/usr/bin/ld) supports shared libraries... yes
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking dynamic linker characteristics... GNU/Linux ld.so
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether -lc should be explicitly linked in... yes
creating libtool
checking for ANSI C header files... (cached) yes
checking for stdint.h... (cached) no
checking for unistd.h... (cached) yes
checking sys/int_types.h usability... no
checking sys/int_types.h presence... no
checking for sys/int_types.h... no
checking for dlfcn.h... (cached) yes
checking for inttypes.h... (cached) no
checking sys/inttypes.h usability... no
checking sys/inttypes.h presence... no
checking for sys/inttypes.h... no
checking for memory.h... (cached) yes
checking ndir.h usability... no
checking ndir.h presence... no
checking for ndir.h... no
checking for stdlib.h... (cached) yes
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking for sys/stat.h... (cached) yes
checking for sys/types.h... (cached) yes
checking malloc.h usability... yes
checking malloc.h