Re: [Clamav-users] clamd problems
On Oct 10, 2004, at 15:38, Steven Westbrook wrote:

> Ok.. I don't see UnixSocket. I've included my clamd.conf file...
>
> thanks,
> steve
>
> --
> ##
> ## Example config file for the Clam AV daemon
> ## Please read the clamd.conf(5) manual before editing this file.
> ##
>
> # Comment or remove the line below.
> #Example
>
> # Uncomment this option to enable logging.
> # LogFile must be writable for the user running daemon.
> # A full path is required.
> # Default: disabled
> LogFile /var/log/clamav/clamd.log
>
> # By default the log file is locked for writing - the lock protects against
> # running clamd multiple times (if want to run another clamd, please
> # copy the configuration file, change the LogFile variable, and run
> # the daemon with --config-file option).
> # This option disables log file locking.
> # Default: disabled
> #LogFileUnlock
>
> # Maximal size of the log file.
> # Value of 0 disables the limit.
> # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
> # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
> # in bytes just don't use modifiers.
> # Default: 1M
> LogFileMaxSize 0
>
> # Log time with each message.
> # Default: disabled
> LogTime
>
> # Also log clean files. Useful in debugging but drastically increases the
> # log size.
> # Default: disabled
> #LogClean
>
> # Use system logger (can work together with LogFile).
> # Default: disabled
> LogSyslog
>
> # Specify the type of syslog messages - please refer to 'man syslog'
> # for facility names.
> # Default: LOG_LOCAL6
> #LogFacility LOG_MAIL
>
> # Enable verbose logging.
> # Default: disabled
> #LogVerbose
>
> # This option allows you to save a process identifier of the listening
> # daemon (main thread).
> # Default: disabled
> PidFile /var/run/clamav/clamd.pid
>
> # Optional path to the global temporary directory.
> # Default: system specific (usually /tmp or /var/tmp).
> TemporaryDirectory /tmp
>
> # Path to the database directory.
> # Default: hardcoded (depends on installation options)
> DatabaseDirectory /var/lib/clamav
>
> # The daemon works in a local OR a network mode. Due to security reasons we
> # recommend the local mode.
>
> # Path to a local socket file the daemon will listen on.
> # Default: disabled
> LocalSocket /var/run/clamav/clamd.sock

change to:
# LocalSocket /var/run/clamav/clamd.sock

> # Remove stale socket after unclean shutdown.
> # Default: disabled
> FixStaleSocket
>
> # TCP port address.
> # Default: disabled
> TCPSocket 3310
>
> # TCP address.
> # By default we bind to INADDR_ANY, probably not wise.
> # Enable the following to provide some degree of protection
> # from the outside world.
> # Default: disabled
> TCPAddr 127.0.0.1
>
> # Maximum length the queue of pending connections may grow to.
> # Default: 15
> MaxConnectionQueueLength 30
>
> # Close the connection if this limit is exceeded.
> # Default: 10M
> #StreamMaxLength 20M
>
> # Maximal number of threads running at the same time.
> # Default: 10
> MaxThreads 50
>
> # Waiting for data from a client socket will timeout after this time (seconds).
> # Value of 0 disables the timeout.
> # Default: 120
> ReadTimeout 300
>
> # Maximal depth directories are scanned at.
> # Default: 15
> #MaxDirectoryRecursion 20
>
> # Follow directory symlinks.
> # Default: disabled
> #FollowDirectorySymlinks
>
> # Follow regular file symlinks.
> # Default: disabled
> #FollowFileSymlinks
>
> # Perform internal sanity check (database integrity and freshness).
> # Default: 1800 (30 min)
> #SelfCheck 600
>
> # Execute a command when virus is found. In the command string %v will
> # be replaced by a virus name.
> # Default: disabled
> #VirusEvent /usr/local/bin/send_sms 123456789 VIRUS ALERT: %v
>
> # Run as a selected user (clamd must be started by root).
> # Default: disabled
> User clamav
>
> # Initialize supplementary group access (clamd must be started by root).
> # Default: disabled
> AllowSupplementaryGroups
>
> # Don't fork into background.
> # Default: disabled
> #Foreground
>
> # Enable debug messages in libclamav.
> # Default: disabled
> #Debug
>
> # Do not remove temporary files (for debug purposes).
> # Default: disabled
> #LeaveTemporaryFiles
>
> # By default clamd uses scan options recommended by libclamav. This option
> # disables recommended options and allows you to enable selected ones below.
> # DO NOT TOUCH IT unless you know what you are doing.
> # Default: disabled
> #DisableDefaultScanOptions
>
> ##
> ## Executable files
> ##
>
> # PE stands for Portable Executable - it's an executable file format used
> # in all 32-bit versions of Windows operating systems. This option allows
> # ClamAV to perform a deeper analysis of executable files and it's also
> # required for decompression of popular executable packers such as UPX, FSG,
> # and Petite.
> # Default: enabled
> #ScanPE
>
> # With this option clamav will try to detect broken executables and mark
> # them as Broken.Executable
> # Default: disabled
> DetectBrokenExecutables
>
> ##
> ## Documents
> ##
>
> # This option enables scanning of Microsoft Office document macros.
> # Default: enabled
> #ScanOLE2
>
> ##
> ## Mail files
> ##
>
> # Enable internal e-mail scanner.
> # Default: enabled
> ScanMail
>
> # If an email contains URLs ClamAV can download and scan them.
> #
RE: [Clamav-users] clamd problems
> I'm having a problem getting clamd to start. I'm using the clamav09.80rc3-1 rpm. I tried setting up the clamav milter and I enabled LocalSocket /var/run/clamav/clamd.sock. When I try starting it, I get this error:
>
> Why is this happening? I'm not sure how to turn off the local mode.

I don't know if this is your problem, but:
Don't use both LocalSocket and TCPSocket, choose one.
I use LocalSocket

This may possibly help:
http://www.xmission.com/~jmcrc/clamav-amavisd-new.html

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] repeated scanning
Hi,

I'm running clamav with qmail on Debian Stable Linux.

My .qmail file for any particular user looks like this:

|/usr/local/bin/clamdscan -d /usr/local/share/clamav -

My testbox is working fine, but I've noticed on a clean system that if I send a test eicar virus to an email account, it seems like qmail keeps attempting to deliver and clamav keeps blocking. This happens for about a week, then the test virus gets auto-emailed back to me as a failure to deliver notice.

My concern is that the system is kept extra busy with this delivery-attempt-then-block activity.

Wouldn't the virus-bearing email just get deleted and stay deleted?

How could I fix this so that the email is deleted the first time it is detected?

Thanks,
-Rick

Part of Clamav.log below (notice Eicar keeps being discovered over and over)

Wed Oct 6 18:37:42 2004 - Self checking every 3600 seconds.
Wed Oct 6 18:37:45 2004 - stream: Eicar-Test-Signature FOUND
Wed Oct 6 18:37:46 2004 - stream: Eicar-Test-Signature FOUND
Wed Oct 6 20:29:35 2004 - No stats for Database check - forcing reload
Wed Oct 6 20:29:35 2004 - stream: Eicar-Test-Signature FOUND
Wed Oct 6 20:29:35 2004 - Reading databases from /var/lib/clamav/
Wed Oct 6 20:29:36 2004 - Database correctly reloaded (24215 viruses)
Wed Oct 6 20:29:36 2004 - stream: Eicar-Test-Signature FOUND
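Why the retry loop in the post above occurs, as an added example that is not part of the original post or of qmail/ClamAV: qmail treats an exit status of 1 from a `.qmail` program as a temporary failure and retries until the queue lifetime expires, and clamdscan exits 1 on a detection. The wrapper below translates the scanner result into qmail's delivery codes; the clamdscan path is the one from the post, while `POLICY`, the function names and the `--deliver` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: put this wrapper on the .qmail line instead of clamdscan itself,
# e.g.  |/path/to/this-wrapper --deliver     (wrapper path is hypothetical)

SCANNER="${SCANNER:-/usr/local/bin/clamdscan}"   # path taken from the post
POLICY="${POLICY:-drop}"                         # drop = discard, bounce = reject to sender

# Translate a clamdscan exit status into a qmail-command exit status.
#   clamdscan: 0 = clean, 1 = virus found, 2 = scanner error
#   qmail:     0   = success, continue with the next .qmail line
#              99  = success, ignore the remaining .qmail lines
#              100 = permanent failure (message bounces once)
#              111 = temporary failure (message is retried later)
map_status() {
    scan_rc=$1
    policy=$2
    case "$scan_rc" in
        0) echo 0 ;;
        1) if [ "$policy" = "bounce" ]; then echo 100; else echo 99; fi ;;
        *) echo 111 ;;   # fail closed: defer rather than deliver unscanned mail
    esac
}

# Scan the message on stdin and print the status qmail should see.
filter_message() {
    scan_rc=0
    "$SCANNER" - >/dev/null 2>&1 || scan_rc=$?
    map_status "$scan_rc" "$POLICY"
}

# Only act as a delivery program when asked to, so the file can also be sourced.
if [ "${1:-}" = "--deliver" ]; then
    exit "$(filter_message)"
fi
```

With `POLICY=drop` an infected message is consumed on the first attempt; a scanner that is down or missing yields 111, so mail waits in the queue instead of being delivered unscanned.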
RE: [Clamav-users] clamd problems
Thank you everyone, it looks like I've got it working..

thanks,
steve

On Sun, 10 Oct 2004, D.J. Fan wrote:

> > I'm having a problem getting clamd to start. I'm using the clamav09.80rc3-1 rpm. I tried setting up the clamav milter and I enabled LocalSocket /var/run/clamav/clamd.sock. When I try starting it, I get this error:
> >
> > Why is this happening? I'm not sure how to turn off the local mode.
>
> I don't know if this is your problem, but:
> Don't use both LocalSocket and TCPSocket, choose one.
> I use LocalSocket
>
> This may possibly help:
> http://www.xmission.com/~jmcrc/clamav-amavisd-new.html
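A check for the two listener problems raised in this thread, as an added example that is not ClamAV's own tooling: it reads the active directives of a clamd.conf and reports when both LocalSocket and TCPSocket are enabled, or when TCPSocket is enabled without TCPAddr so that clamd binds to INADDR_ANY. The function names, finding labels and the two sample files (constructed from the listener lines of the configs quoted on this page) are assumptions.

```shell
#!/bin/sh
# Added example: lint the listener directives of a clamd.conf.

# Print the value of an active directive, or nothing when it is absent.
# A commented-out line ("#TCPAddr ..." or "# TCPAddr ...") never matches,
# because its first field starts with '#'.
conf_value() {
    awk -v key="$2" '$1 == key { print ($2 == "" ? "enabled" : $2); exit }' "$1"
}

# Print a space-separated list of findings, or OK.
lint_clamd_conf() {
    conf=$1
    findings=""
    local_sock=$(conf_value "$conf" LocalSocket)
    tcp_sock=$(conf_value "$conf" TCPSocket)
    tcp_addr=$(conf_value "$conf" TCPAddr)

    # The advice given in the thread: choose one listener, not both.
    if [ -n "$local_sock" ] && [ -n "$tcp_sock" ]; then
        findings="${findings}${findings:+ }BOTH_SOCKETS"
    fi
    # TCPSocket without TCPAddr listens on every interface (INADDR_ANY).
    if [ -n "$tcp_sock" ] && [ -z "$tcp_addr" ]; then
        findings="${findings}${findings:+ }TCP_ANY_ADDR"
    fi
    # Neither listener enabled: clients have nothing to connect to.
    if [ -z "$local_sock" ] && [ -z "$tcp_sock" ]; then
        findings="${findings}${findings:+ }NO_LISTENER"
    fi
    echo "${findings:-OK}"
}

# Constructed samples: listener lines as they appear in the two configs on this page.
write_samples() {
    cat > "$1/both.conf" <<'EOF'
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
TCPSocket 3310
TCPAddr 127.0.0.1
EOF
    cat > "$1/tcp_any.conf" <<'EOF'
#LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
TCPSocket 3310
#TCPAddr 127.0.0.1
EOF
}

# Stand-alone use: pass the path of a clamd.conf as the first argument.
if [ -n "${1:-}" ]; then
    lint_clamd_conf "$1"
fi
```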
Re: [Clamav-users] ClamAV unable to open directory
John, please take another look at my first email. The directory permissions are 750, user/group vscan/vscan.

Jari

[EMAIL PROTECTED] root]# ls -la /var/lib/clamav/
total 1356
drwxr-x---  2 vscan vscan    4096 Oct 10 02:47 .
drwxr-xr-x 21 root  root     4096 Oct 10 14:08 ..
-rw-r--r--  1 vscan vscan   82119 Oct 10 02:47 daily.cvd
-rw-r--r--  1 vscan vscan 1284637 Oct  9 14:47 main.cvd

----- Original Message -----
From: John Jolet [EMAIL PROTECTED]
To: ClamAV users ML [EMAIL PROTECTED]
Sent: Sunday, October 10, 2004 2:56 PM
Subject: Re: [Clamav-users] ClamAV unable to open directory

you showed us the permissions on the CONTENTS of /var/lib/clamav, not the permissions/ownership on the directory itself.
Re: [Clamav-users] ClamAV unable to open directory
I've changed the directory permissions to 0775, still having the same problem.

Jari

----- Original Message -----
From: Bill Maidment [EMAIL PROTECTED]
To: ClamAV users ML [EMAIL PROTECTED]
Sent: Sunday, October 10, 2004 9:38 PM
Subject: Re: [Clamav-users] ClamAV unable to open directory

Jari wrote:
> John, please take another look at my first email. The directory permissions are 750, user/group vscan/vscan.
>
> Jari

Try 0775. That works for me.

--
Bill Maidment
Maidment Enterprises Pty Ltd

Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/)
Re: [Clamav-users] ClamAV unable to open directory
How about telling us what app is trying to write to this file? What is its user ID? What is its group ID?

Biggest problem I've seen is that people are using amavisd and clamav and these apps are controlled by different user/groups and this conflict causes lots of problems.

If you have this configuration, I suggest you select one user/group ID and change all related files/folders to that (with the exception of the binaries which should be root/admin or root/wheel).

If you are still experiencing this problem then it would be much easier to figure what the problem is since some defaults have been established and stupid questions can be skipped.

-- Da;e

On Oct 10, 2004, at 21:47, Jari wrote:

> I've changed the directory permissions to 0775, still having the same problem.
>
> Jari
>
> ----- Original Message -----
> From: Bill Maidment [EMAIL PROTECTED]
> To: ClamAV users ML [EMAIL PROTECTED]
> Sent: Sunday, October 10, 2004 9:38 PM
> Subject: Re: [Clamav-users] ClamAV unable to open directory
>
> Jari wrote:
> > John, please take another look at my first email. The directory permissions are 750, user/group vscan/vscan.
> >
> > Jari
>
> Try 0775. That works for me.
>
> --
> Bill Maidment
> Maidment Enterprises Pty Ltd
RE: [Clamav-users] 0.75.1-80rc3 rpm failure??
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Sunday, October 10, 2004 12:51 PM
To: ClamAV users ML
Subject: Re: [Clamav-users] 0.75.1-80rc3 rpm failure??

Cory Megitt [ClamAV] wrote:
> Well, anyways, I went through the qmailrocks.org site, and instead of using their clamav binaries, I used the newer ones from clamav.net. Everything seems to work right, except for the clamd.log file -- it's still 0 bytes long and isn't getting updated at all.
>
> Any ideas about that one?

Permissions?

Matt

Sorry about that .. Here they are: (let me know if there's anything else you'd need to see). Thanks :)

[EMAIL PROTECTED] clamav]$ ls -al
total 12
drwxr-xr-x  2 clamav clamav 4096 Oct  9 22:19 .
drwxr-xr-x 15 root   root   4096 Oct 10 04:05 ..
-rw-r--r--  1 clamav clamav    0 Oct  9 22:13 clamd.log
-rw---  1 clamav clamav 1155 Oct 10 02:00 clam-update.log

And the clamd.conf file:

[EMAIL PROTECTED] etc]$ cat clamd.conf
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock

# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 0

# Log time with each message.
# Default: disabled
LogTime

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled
#LocalSocket /var/run/clamav/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
MaxConnectionQueueLength 30

# Close the connection if this limit is exceeded.
# Default: 10M
#StreamMaxLength 20M

# Maximal number of threads running at the same time.
# Default: 10
MaxThreads 50

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
ReadTimeout 300

# Maximal depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 VIRUS ALERT: %v

# Run as a selected user (clamd must be started by root).
# Default: disabled
User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
AllowSupplementaryGroups

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles

# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable
[Clamav-users] Cobalt RaQ2 Compile Errors
The Cobalt RaQ2 has the following...

gcc-c++-2.7.2-c3r2
gcc-objc-2.7.2-c3r2
gcc-2.7.2-c3r2
glibc-2.0.7-29.4C2

and 0.80rc3 will not build. again.

I'm wondering if I should work on making a new patch, wait longer, or just give up because I will never have a newer compiler, etc... and clamav will require them?

[root redhat]# rpm -ba SPECS/clamav.spec
Executing: %prep
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd /usr/src/redhat/BUILD
+ /bin/gzip -dc /usr/src/redhat/SOURCES/clamav-0.80rc3.tar.gz
+ tar -xvvf -
+ STATUS=0
+ [ 0 -ne 0 ]
+ cd clamav-0.80rc3
+ chown -R root .
+ chgrp -R root .
+ chmod -R a+rX,g-w,o-w .
+ echo Patch #0:
Patch #0:
+ patch -p1 -s
+ exit 0
Executing: %build
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd clamav-0.80rc3
+ ./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/man --infodir=/usr/info --enable-debug --enable-id-check --disable-clamav --with-user=clamav --with-group=clamav --disable-bzip2 --with-dbdir=/var/lib/clamav
checking build system type... mipsel-pc-linux-gnu
checking host system type... mipsel-pc-linux-gnu
checking target system type... mipsel-pc-linux-gnu
creating target.h - canonical system defines
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gawk... (cached) gawk
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc 1
checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for ld used by GCC... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking how to recognise dependant libraries... file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )
checking command to parse /usr/bin/nm -B output... ok
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... no
checking for stdint.h... no
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking for file... /usr/bin/file
checking for ranlib... ranlib
checking for strip... strip
checking for objdir... .libs
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.lo... yes
checking if gcc supports -fno-rtti -fno-exceptions... no
checking whether the linker (/usr/bin/ld) supports shared libraries... yes
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking dynamic linker characteristics... GNU/Linux ld.so
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether -lc should be explicitly linked in... yes
creating libtool
checking for ANSI C header files... (cached) yes
checking for stdint.h... (cached) no
checking for unistd.h... (cached) yes
checking sys/int_types.h usability... no
checking sys/int_types.h presence... no
checking for sys/int_types.h... no
checking for dlfcn.h... (cached) yes
checking for inttypes.h... (cached) no
checking sys/inttypes.h usability... no
checking sys/inttypes.h presence... no
checking for sys/inttypes.h... no
checking for memory.h... (cached) yes
checking ndir.h usability... no
checking ndir.h presence... no
checking for ndir.h... no
checking for stdlib.h... (cached) yes
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking for sys/stat.h... (cached) yes
checking for sys/types.h... (cached) yes
checking malloc.h usability... yes
checking malloc.h