Re: [Clamav-users] Unable to open file or directory ERROR
Hello, Grant Supp wrote: I'm using Clam AV 0.80 with Qmail-Scanner 1.23 and receive the following lines in my clamd.log: Tue Oct 19 15:22:34 2004 - /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821735148216078/1098217354.16090-1.newmail01.readyhosting.com: Trojan.Dropper.JS.Zerolin-6 FOUND Tue Oct 19 15:30:44 2004 - /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821784448218517/test.zip: ClamAV-Test-Signature FOUND Tue Oct 19 15:40:14 2004 - SelfCheck: Database status OK. Tue Oct 19 15:53:44 2004 - /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821922448224690/Order - Hearing and Appeal.pdf: Unable to open file or directory ERROR Tue Oct 19 16:10:29 2004 - SelfCheck: Database status OK. Tue Oct 19 16:32:40 2004 - /var/spool/qmailscan/tmp/newmail01.readyhosting.com10982215584824569/text.zip: Worm.Mydoom.I FOUND Tue Oct 19 16:36:09 2004 - /var/spool/qmailscan/tmp/newmail01.readyhosting.com10982217694825599/Untitled Attachment: Unable to open file or directory ERROR Unable to open file or directory ERROR -- does anyone have any idea how to begin troubleshooting this intermittent problem? Is it always when scanning the same files ? Could You try another ? Could You try the same file with OLE2 support disabled ? I'm curious if this is OLE2 related Regards Boguslaw Brandys ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Upgrade from 75.1 to 80
[EMAIL PROTECTED] wrote: I have downloaded ver80 and now I'm not sure how to proceed. I've read the manual but I can't info on how to upgrade, is it best to remove the previous version or install over it.? This came from someone on the list, I've just made a few minor changes With ver 0.80 they changed clamav.conf to clamd.conf so either call the old .conf direct or copy /etc/backup.clamav.conf /etc/clamd.conf Graham Updating ClamAv Binary The cleanest process would be: unpack the old distribution: tar -zxf clamav-0.70.tar.gz run configure cd clamav-0.70 ./configure Unpack the new distribution: cd .. tar -zxf clamav-0.75.tar.gz run configure: cd clamav-0.75 ./configure become root compile it: make # backup running clamav.conf cp /etc/clamav.conf /etc/backup.clamav.conf /etc/rc.d/init.d/exim stop /etc/rc.d/init.d/clamav stop #check that clamav processes have stopped (if not then kill manually) ps ax | grep clamav uninstall the existing clamav stuff: cd ../clamav-0.70 make uninstall install the new stuff: cd ../clamav-0.75 make install # copy working clamav.conf cp /etc/backup.clamav.conf /etc/clamav.conf /etc/rc.d/init.d/clamav start run freshclam /etc/rc.d/init.d/exim start ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
On Tue, 19 Oct 2004 at 17:20:38 -0500, Daniel J McDonald wrote: Am I the only one who sees several of the posters with embedded: Content-Type: message/rfc822 that includes embedded text/plain attachments. Evolution opens them up with only one extra step, but if I'm stuck with Outlook (or worse, OWA) you have to open three levels of attachments to read the text of the e-mail. I have never paid attention to that because mutt displays them without any trouble. Just started when we switched from sourceforge to Luca's mailman server. Not really. I've just searched my archive and I've found such messages dated far more ago (since February). From various senders. If I'm the only one seeing it I'll troubleshoot my amavis-new config to see if it is doing something bizarre... -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
On Tue, 19 Oct 2004 at 19:51:48 -0500, Damian Menscher wrote: On Tue, 19 Oct 2004, Daniel J McDonald wrote: Am I the only one who sees several of the posters with embedded: Content-Type: message/rfc822 [...] Yes, I'm seeing them, and they're annoying as hell. Most of them seem to be from Trog, thought the other poster that said they were forwarded That's strange as none of messages from Trog to clamav-users (as delivered to my mailbox) contains rfc822. So maybe some local problem at your sites?... -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] New version Clamd with Daemontools
On Wed, 20 Oct 2004 at 12:02:57 +0800, Awie wrote: Finally I can supervise new version of clamd. There are some parameter of clamav.conf that no need anymore in clamd.conf. After editing some lines, it works well. However, Qmail-scanner still has unrecognize command that I sure it should be OK. Wed, 20 Oct 2004 11:50:22 EDT:4600: run /usr/local/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space =10 /var/spool/qmailscan/tmp/Cybergate10982874224824600 21 WARNING: Ignoring option -r: please edit clamd.conf instead. WARNING: Ignoring option --max-recursion: please edit clamd.conf instead. WARNING: Ignoring option --max-space: please edit clamd.conf instead. Not OK. These command-line options were never supported in clamdscan. They were just silently ignored previously. Now the explicit warnings are printed. Type 'man clamdscan' or 'clamdscan -h' for the list of accepted command-line options. Other options can be enabled in clamd.conf, as shown in the warnings. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messageson this list
From: Tomasz Papszun [EMAIL PROTECTED] Sent: Wednesday, October 20, 2004 9:39 AM On Tue, 19 Oct 2004 at 19:51:48 -0500, Damian Menscher wrote: On Tue, 19 Oct 2004, Daniel J McDonald wrote: Am I the only one who sees several of the posters with embedded: Content-Type: message/rfc822 [...] Yes, I'm seeing them, and they're annoying as hell. Most of them seem to be from Trog, thought the other poster that said they were forwarded That's strange as none of messages from Trog to clamav-users (as delivered to my mailbox) contains rfc822. So maybe some local problem at your sites?... The problem cames because of --===0453890036== Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary==-Shp30pRQqE5b/5PuEPY1 --=-Shp30pRQqE5b/5PuEPY1 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable and everybody with the following signature has this problem. At least the most of the time ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users With kind regards, Met vriendelijke groet, Maurice Lucas TAOS-IT ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] New version Clamd with Daemontools
However, Qmail-scanner still has unrecognize command that I sure it should be OK. Wed, 20 Oct 2004 11:50:22 EDT:4600: run /usr/local/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space =10 /var/spool/qmailscan/tmp/Cybergate10982874224824600 21 WARNING: Ignoring option -r: please edit clamd.conf instead. WARNING: Ignoring option --max-recursion: please edit clamd.conf instead. WARNING: Ignoring option --max-space: please edit clamd.conf instead. Not OK. These command-line options were never supported in clamdscan. They were just silently ignored previously. Now the explicit warnings are printed. So far my system run well (around 4 hours since upgraded), with those condition. The command run well in the older version of Clamdscan. It is indicated I did not find the WARNING. However, it is better not running unsupported parameter. Type 'man clamdscan' or 'clamdscan -h' for the list of accepted command-line options. Other options can be enabled in clamd.conf, as shown in the warnings. Yes, there is no parameter above that be supported by version 0.80. I have email the developer of Qmail-Scanner to change their code to remove the wrong line. As it is not ClamAV portion to fix those issue. Thx Rgds, Awie ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] clamav on aix 5.2
Hi, I'm trying to upgrade from 0.75 to 0.80 on aix 5.2, using gcc 3.3.4 and gnu ld 2.15. configure script cannot find libmilter. # ./configure --enable-milter checking resolv.h usability... yes checking resolv.h presence... yes checking for resolv.h... yes checking whether setpgrp takes no argument... yes checking for __gmpz_init in -lgmp... yes checking for curl = 7.10.0... syntax error on line 1 stdin 7.12.2 checking for mi_stop in -lmilter... no checking for library containing strlcpy... no checking for mi_stop in -lmilter... no configure: error: Cannot find libmilter libmilter.a exists under both /usr/lib and /usr/local/lib. using LDFLAGS before configure did not work. any idea??? thanks tayfun asker email: tasker_a_metu.edu.tr ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
* Jim Maul [EMAIL PROTECTED] [2004-10-19 16:14]: Its actually --no-summary although --disable-summary may still work. Oh yes, thank you. I just removed all args that appeared in my log as obsolete. Alex -- Alex Pleinerzeitform Internet Dienste mailto:[EMAIL PROTECTED] Fraunhoferstraße 5 PGP S/MIME: http://key.zeitform.de/ap 64283 Darmstadt, Germany Tel./Fax: +49 (0) 6151 155-635 / -634 http://www.zeitform.de ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
Stephen Gran wrote: On Tue, Oct 19, 2004 at 06:26:30PM -0700, Todd Lyons said: Christopher X. Candreva wanted us to know: Yes, I'm seeing them, and they're annoying as hell. Most of them seem to be from Trog, thought the other poster that said they were forwarded messages broke his own claim, since his had the same issue. Ah -- could this be people who PGP-sign their messages ? Yes, inline signing would probably fix that issue. In my last message, I see: Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary=TakKZr9L6Hm6aLOc Content-Disposition: inline It is an inline, gpg signed message. I had no idea how many broken MUA's there are out there :) My girlfriend tells me that she has to jump through hoops to open a signed message in Outlook, but I didn't think that would be the case with *nix mailers for the most part. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Using thunderbird i get the message open just fine by double clicking it. It claims there are 2 attachments however and they are both text. The first one is: -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBddgzSYIMHOpZA44RAnlCAJ9FXq9REDpfNiJB2yKrgekQgyo/lgCeLMO9 iiZ36HWlztCl1jMiyx5aEoM= =o09n -END PGP SIGNATURE- and the second: ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users But as mentioned above, it only happens on the gpg messages. -Jim ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] New version Clamd with Daemontools
Awie wrote: However, Qmail-scanner still has unrecognize command that I sure it should be OK. Wed, 20 Oct 2004 11:50:22 EDT:4600: run /usr/local/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space =10 /var/spool/qmailscan/tmp/Cybergate10982874224824600 21 WARNING: Ignoring option -r: please edit clamd.conf instead. WARNING: Ignoring option --max-recursion: please edit clamd.conf instead. WARNING: Ignoring option --max-space: please edit clamd.conf instead. Not OK. These command-line options were never supported in clamdscan. They were just silently ignored previously. Now the explicit warnings are printed. So far my system run well (around 4 hours since upgraded), with those condition. The command run well in the older version of Clamdscan. It is indicated I did not find the WARNING. However, it is better not running unsupported parameter. Type 'man clamdscan' or 'clamdscan -h' for the list of accepted command-line options. Other options can be enabled in clamd.conf, as shown in the warnings. Yes, there is no parameter above that be supported by version 0.80. I have email the developer of Qmail-Scanner to change their code to remove the wrong line. As it is not ClamAV portion to fix those issue. He is well aware of the issue and has been working on a 1.24 version of QS to fix these issues. Should be soon now.. -Jim ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Upgrade from 75.1 to 80
[EMAIL PROTECTED] wrote: I havrecommendaded ver80 and now I'm not sure how to proceed. I've read the manual but I can't info on how to upgrade, is it best to remove the previous version or install over it.? This came from someone on the list, I've just made a few minor changes With ver 0.80 they changed clamav.conf to clamd.conf so either call the old .conf direct or copy /etc/backup.clamav.conf /etc/clamd.conf I would recomend going through the new clamd.conf and editing it. There are many options in clamav.conf that have been removed from the new version. Graham -- Ken Jones [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamav on aix 5.2
Hi, I'm trying to upgrade from 0.75 to 0.80 on aix 5.2, using gcc 3.3.4 and gnu ld 2.15. configure script cannot find libmilter. # ./configure --enable-milter checking resolv.h usability... yes checking resolv.h presence... yes checking for resolv.h... yes checking whether setpgrp takes no argument... yes checking for __gmpz_init in -lgmp... yes checking for curl = 7.10.0... syntax error on line 1 stdin 7.12.2 checking for mi_stop in -lmilter... no checking for library containing strlcpy... no checking for mi_stop in -lmilter... no configure: error: Cannot find libmilter libmilter.a exists under both /usr/lib and /usr/local/lib. using LDFLAGS before configure did not work. any idea??? thanks After running configure, look through the config.log file. This file will show exactly the error encountered while trying to compile the milter. tayfun asker email: tasker_a_metu.edu.tr ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users -- Ken Jones [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] 0.80 Build Errors
On Wed, 20 Oct 2004 08:29:37 -0400, Scott Rothgaber [EMAIL PROTECTED] wrote: On FreeBSD 4.10 I get the following. Is this covered somewhere? 0.75.1 built without a hitch. Have you tried installing it from the ports? -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] 0.80 Build Errors
Scott Rothgaber wrote: On FreeBSD 4.10 I get the following. Is this covered somewhere? 0.75.1 built without a hitch. cd /usr/ports/security/clamav make install clean Worked fine for me. -- Robert Blayzor, BOFH INOC, LLC rblayzor@(inoc.net|gmail.com) PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 Portable: Survives system reboot. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] malformed database
Hi, I've got a strange problem I cannot track down. After clean databases update, clamd refuses to start: Starting Clam AntiVirus Daemon: clamdLibClamAV debug: Setting /var/tmp as global temporary directory LibClamAV debug: Loading databases from /var/lib/clamav LibClamAV debug: Loading /var/lib/clamav/daily.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = da6bae063e83fcf529a0df8f1d6db68b LibClamAV debug: Decoded signature: da6bae063e83fcf529a0df8f1d6db68b LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /var/tmp/clamav-45f848696ec0f2b4/COPYING LibClamAV debug: Unpacking /var/tmp/clamav-45f848696ec0f2b4/daily.db LibClamAV debug: Unpacking /var/tmp/clamav-45f848696ec0f2b4/daily.hdb LibClamAV debug: Unpacking /var/tmp/clamav-45f848696ec0f2b4/daily.ndb LibClamAV debug: Loading databases from /var/tmp/clamav-45f848696ec0f2b4 LibClamAV debug: Loading /var/tmp/clamav-45f848696ec0f2b4/daily.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /var/tmp/clamav-45f848696ec0f2b4/daily.hdb LibClamAV debug: Initializing md5 list structure LibClamAV debug: Loading /var/tmp/clamav-45f848696ec0f2b4/daily.ndb LibClamAV debug: Loading /var/lib/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 78a60e62ed7ccb772876ebeda22b7739 LibClamAV debug: MD5 verification error. LibClamAV Error: Malformed database file /var/lib/clamav/main.cvd LibClamAV debug: cl_loaddbdir(): error loading database /var/lib/clamav/main.cvd ERROR: MD5 verification error sigtool says: sigtool --list |tail Caramon.402 CARBUNCA Carbuncle Carcass.1796 Carcel Career.446 Career-446 Career ERROR: listdb(): Malformed pattern line 2249 (file /tmp/clamav-b4085fd53ad22268/main.db). ERROR: listdb(): error listing database /tmp/clamav-b4085fd53ad22268/main.db If I remove all cvd files and do database update, clamd starts without problems. If freshclam gets called from cron, I get the following error. Always the same line (2249), on both 0.75.1 and 0.80 Any ideas? WBR Dmitry ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malformed database
Dmitry Alexeyev wrote: If I remove all cvd files and do database update, clamd starts without problems. If freshclam gets called from cron, I get the following error. Always the same line (2249), on both 0.75.1 and 0.80 Now HOW did you update your database without freshclam? manually copy .cvd files? which db version you get (latest is 540)? Does it still happen if you run freshclam manually (e.g. not from cron) ? what system are you on? 0.80 runs ok on Fedora, Solaris, AIX, and even Win32 (with cygwin. Some modifications needed on non-cygwin). Regards, Fajar A little OT side note : spreadfirefox.com is gathering money to run full-page ad on NY times. This has generate lots of buzz, and from the number of names they already got around $84000 in less then ONE day. Any chance for ClamAV doing similar thing? ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] 0.80 Build Errors
Rob MacGregor wrote: Have you tried installing it from the ports? Duh! I didn't think that it would be up so quickly. It's building, sans complaints, right now. Thanks for the tip! ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] cl_loaddbdir(): Can't open directory
Just installed version 0.80. clamdscan . runs fine saying --- /usr/local/clamav/etc/./TestFile: ClamAV-Test-Signature FOUND --- SCAN SUMMARY --- Infected files: 1 Time: 0.044 sec (0 m 0 s) BUT clamscan -r . gives error message - LibClamAV Error: cl_loaddbdir(): Can't open directory /usr/ClamAV/data0 ERROR: Unable to open file or directory --- SCAN SUMMARY --- Known viruses: 0 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.004 sec (0 m 0 s) Both freshclam.conf and clamd.conf contain DatabaseDirectory /usr/ClamAV/data/ What's causing the error ? --Frank Elsner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malformed database
On Wednesday 20 October 2004 17:53, Fajar A. Nugraha wrote: Dmitry Alexeyev wrote: If I remove all cvd files and do database update, clamd starts without problems. If freshclam gets called from cron, I get the following error. Always the same line (2249), on both 0.75.1 and 0.80 Now HOW did you update your database without freshclam? manually copy .cvd files? freshclam runs from cron. which db version you get (latest is 540)? latest one is ok now. No idea what happens on next update. I can't leave it on production system. BTW, same happens with databases which come with 0.80, same line Does it still happen if you run freshclam manually (e.g. not from cron) ? No. sometimes. Seems to be very sporadic, except 0.80 databases what system are you on? Linux 2.2 0.80 runs ok on Fedora, Solaris, AIX, and even Win32 (with cygwin. Some modifications needed on non-cygwin). I have no doubt it runs perfect for you :) WBR Dmitry ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Mirror in Argentina
Hi, I just installed ClamAV on a Debian Sarge machine and I got the option to select the mirror for freshclam. I choose the local mirror offered db.ar.clamav.net (ar is for Argentina), but freshclam failed: ClamAV update process started at Wed Oct 20 10:13:02 2004 Reading CVD header (main.cvd): ERROR: Malformed CVD header detected. ERROR: Can't read main.cvd header from db.ar.clamav.net (200.68.106.39) I checked the ClamAV site and found in http://www.clamav.net/mirrors.html#ar that I can use clamav.xmundo.net and it run fine: ClamAV update process started at Wed Oct 20 10:13:47 2004 Reading CVD header (main.cvd): OK Downloading main.cvd [*] main.cvd updated (version: 27, sigs: 23982, f-level: 2, builder: tomek) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] daily.cvd updated (version: 540, sigs: 1397, f-level: 3, builder: trog) WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 2, required = 3 Database updated (25379 signatures) from clamav.xmundo.net (200.68.106.39). Clamd successfully notified about the update. Now... after reading the messages again, I noticed that the IP for db.ar.clamav.net is the same as the one for clamav.xmundo.net... So I tried entering both names and the address in my browser... now http://clamav.xmundo.net/ shows me a small page saying it is a clamav mirror, but http://db.ar.clamav.net/ shows me... the home page for http://php.net and that is the same I get if I put http://200.68.106.39/ This site seems to be running Apache, so apparently, the only problem is that db.ar.clamav.net is not within the 'ServerAlias' entries for the clamav.xmundo.net Server... Since I'm not a mirror admin, I shouldn't (and I don't want to) subscribe to [EMAIL PROTECTED] Would someone on both lists (or Luca) contact the people from clamav.xmundo.net and ask them to add a single line ServerAlias db.ar.clamav.net within the virtual server with ServerName clamav.xmundo.net TIA -- Mariano Absatz - El Baby el (dot) baby (AT) gmail (dot) com el (punto) baby (ARROBA:@) gmail (punto) com ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Re: Mirror in Argentina
Hello Mariano Absatz, Would someone on both lists (or Luca) contact the people from clamav.xmundo.net and ask them to add a single line ServerAlias db.ar.clamav.net within the virtual server with ServerName clamav.xmundo.net Thanks for notifying me of the problem. When I accept a new mirror I _always_ check that it's configured properly (I ask them to use ServerAlias db.*.clamav.net). Sometimes a sysadmin change the configuration afterwards without prior advice and without an apparent reason. I'll contact him immediately. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] cl_loaddbdir(): Can't open directory
Not to sound too obvious, but, does the directory /usr/ClamAV/data/ exist? (case sensitive) -Mikel- On Wed, 20 Oct 2004 16:14:58 +0200, Frank Elsner [EMAIL PROTECTED] wrote: Just installed version 0.80. clamdscan . runs fine saying --- /usr/local/clamav/etc/./TestFile: ClamAV-Test-Signature FOUND --- SCAN SUMMARY --- Infected files: 1 Time: 0.044 sec (0 m 0 s) BUT clamscan -r . gives error message - LibClamAV Error: cl_loaddbdir(): Can't open directory /usr/ClamAV/data0 ERROR: Unable to open file or directory --- SCAN SUMMARY --- Known viruses: 0 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.004 sec (0 m 0 s) Both freshclam.conf and clamd.conf contain DatabaseDirectory /usr/ClamAV/data/ What's causing the error ? --Frank Elsner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malformed database
Dmitry Alexeyev wrote: On Wednesday 20 October 2004 17:53, Fajar A. Nugraha wrote: Dmitry Alexeyev wrote: If I remove all cvd files and do database update, clamd starts without problems. If freshclam gets called from cron, I get the following error. Always the same line (2249), on both 0.75.1 and 0.80 Now HOW did you update your database without freshclam? manually copy .cvd files? freshclam runs from cron. Actually I was wondering how did you remove all cvd files and do database update, clamd starts without problems when If freshclam gets called from cron, I get the following error? If freshclam indeed cause the error, and you update with freshclam, then you should still have the problem when you do database update, right? which db version you get (latest is 540)? latest one is ok now. No idea what happens on next update. I can't leave it on production system. BTW, same happens with databases which come with 0.80, same line Hmmm ... I was going to suggest that a database mirror might have bad data, but when you say same happens with databases which come with 0.80 I know that it's not the db mirrors fault. On my system, using 0.80's main and daily.cvd : [EMAIL PROTECTED] clamav-stable-build]$ sudo /usr/local/sbin/clamd [EMAIL PROTECTED] clamav-stable-build]$ /usr/local/sbin/clamd -V ClamAV 0.80/533/Sun Oct 17 08:09:44 2004 [EMAIL PROTECTED] clamav-stable-build]$ tail -100 /usr/local/share/clamav/clamd.log Wed Oct 20 21:50:37 2004 - clamd daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686) Wed Oct 20 21:50:37 2004 - Log file size limit disabled. Wed Oct 20 21:50:37 2004 - Running as user root (UID 0, GID 0) Wed Oct 20 21:50:37 2004 - Reading databases from /usr/local/share/clamav Wed Oct 20 21:50:37 2004 - Protecting against 25253 viruses. Wed Oct 20 21:50:37 2004 - Unix socket file /tmp/clamd Wed Oct 20 21:50:37 2004 - Setting connection queue length to 30 Wed Oct 20 21:50:37 2004 - Archive: Archived file size limit set to 10485760 bytes. Wed Oct 20 21:50:37 2004 - Archive: Recursion level limit set to 5. Wed Oct 20 21:50:37 2004 - Archive: Files limit set to 1000. Wed Oct 20 21:50:37 2004 - Archive: Compression ratio limit set to 250. Wed Oct 20 21:50:37 2004 - Archive support enabled. Wed Oct 20 21:50:37 2004 - Archive: RAR support disabled. Wed Oct 20 21:50:37 2004 - Portable Executable support enabled. Wed Oct 20 21:50:37 2004 - Mail files support enabled. Wed Oct 20 21:50:37 2004 - OLE2 support enabled. Wed Oct 20 21:50:37 2004 - HTML support enabled. Wed Oct 20 21:50:37 2004 - Self checking every 1800 seconds. You can see clamd 0.80 starts up OK with db version 533 Does it still happen if you run freshclam manually (e.g. not from cron) ? No. sometimes. Seems to be very sporadic, except 0.80 databases So you're saying that you ALWAYS get error with the main and daily.cvd distributed in 0.80? what system are you on? Linux 2.2 Try http://clamav.or.id/stable/clamav-0.80.linux-static.tar.gz, and replace main.cvd and daily.cvd with the one on 0.80. If my static version works (it works here), then most likely some library on your system is at fault here. Linux 2.2 (and the accompanying libs) IS rather old :) 0.80 runs ok on Fedora, Solaris, AIX, and even Win32 (with cygwin. Some modifications needed on non-cygwin). I have no doubt it runs perfect for you :) What I meant was if you run similar system, you could probably use my build script, binaries, or config files if you get stuck with the default source or RPM. Since you use Linux 2.2 (on x86, I assume?) my Linux static binary should work. Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] cl_loaddbdir(): Can't open directory
On Wed, 20 Oct 2004 16:14:58 +0200, Frank Elsner [EMAIL PROTECTED] wrote: Just installed version 0.80. clamdscan . runs fine saying --- [snip] BUT clamscan -r . gives error message - LibClamAV Error: cl_loaddbdir(): Can't open directory /usr/ClamAV/data0 ERROR: Unable to open file or directory [snip] Both freshclam.conf and clamd.conf contain DatabaseDirectory /usr/ClamAV/data/ You DID compile it from source, right? Last time I check clamscan use compiled-time database directory (in this case seems to be /usr/ClamAV/data0), and ignores clamd.conf completely. You COULD use -d FILE/DIR command line parameter. My guess is you have a typo during ./configure so it says /usr/ClamAV/data0 (note the 0) instead of /usr/ClamAV/data. Try clamscan -r -d /usr/ClamAV/data . Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.80 Compilation
On Tue, 19 Oct 2004 14:11:53 -0400, Robin, Rob [EMAIL PROTECTED] wrote: gcc version 2.95.2. BSDi 4.2 (i hate to be on a dead OS, moving to linux soon). LOL. You got that right. I see anything that still use gcc 2.x as obsolete :) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Unable to open file or directory ERROR
Boguslaw Brandys wrote: Is it always when scanning the same files ? Could You try another ? Could You try the same file with OLE2 support disabled ? I'm curious if this is OLE2 related It seems to happen when scanning the same files. Untitled Attachment seems to cause the problem evey time. I think this attachment might be generated by Outlook 2003 when assigning a task to a user, although I'm not sure, since I don't have a copy of Outlook 2003. I see several lines with the error for Order - Hearing and Appeal.pdf so that file seems to be a problem as well. I've already disabled OLE2 support since I was having this same problem a lot with Microsoft Word .doc files. I even got one today with a gif file: Wed Oct 20 09:27:51 2004 - /var/spool/qmailscan/tmp/newmail01.readyhosting.com10982824714822434/image001.gif: Unable to open file or directory ERROR Here's my startup output to show the scanning options: Tue Oct 19 14:40:04 2004 - clamd daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686) Tue Oct 19 14:40:04 2004 - Log file size limit disabled. Tue Oct 19 14:40:04 2004 - Running as user qscand (UID 504, GID 505) Tue Oct 19 14:40:04 2004 - Reading databases from /var/lib/clamav Tue Oct 19 14:40:04 2004 - Protecting against 25379 viruses. Tue Oct 19 14:40:04 2004 - Bound to address 127.0.0.1 on port 3310 Tue Oct 19 14:40:04 2004 - Setting connection queue length to 30 Tue Oct 19 14:40:04 2004 - RECOMMENDED OPTIONS DISABLED. Tue Oct 19 14:40:04 2004 - Archive: Archived file size limit set to 10485760 bytes. Tue Oct 19 14:40:04 2004 - Archive: Recursion level limit set to 5. Tue Oct 19 14:40:04 2004 - Archive: Files limit set to 1000. Tue Oct 19 14:40:04 2004 - Archive: Compression ratio limit set to 250. Tue Oct 19 14:40:04 2004 - Archive support enabled. Tue Oct 19 14:40:04 2004 - Archive: RAR support disabled. Tue Oct 19 14:40:04 2004 - Portable Executable support enabled. Tue Oct 19 14:40:04 2004 - Mail files support enabled. Tue Oct 19 14:40:04 2004 - OLE2 support disabled. Tue Oct 19 14:40:04 2004 - HTML support disabled. Tue Oct 19 14:40:04 2004 - Self checking every 1800 seconds. -Grant Supp ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malformed database
What I meant was if you run similar system, you could probably use my build script, binaries, or config files if you get stuck with the default source or RPM. Since you use Linux 2.2 (on x86, I assume?) my Linux static binary should work. Thank you. Looks like I am kinda lost with all these databases. I saved corrupt database and your static binary also told me it's corrupt. I have checked 0.80 databases - they appeared to be okay. I totally forgot that my spec put freshest database files into rpm, and that was corrupted database. Perhaps it is really corrupt data from a mirror. I will now exactly tomorrow, if freshclam from crontab will download corrupt database again. Thanks Dmitry ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malformed database
On Wed, 20 Oct 2004 19:40:52 +0400 Dmitry Alexeyev [EMAIL PROTECTED] wrote: What I meant was if you run similar system, you could probably use my build script, binaries, or config files if you get stuck with the default source or RPM. Since you use Linux 2.2 (on x86, I assume?) my Linux static binary should work. Thank you. Looks like I am kinda lost with all these databases. I saved corrupt database and your static binary also told me it's corrupt. I have checked 0.80 databases - they appeared to be okay. I totally forgot that my spec put freshest database files into rpm, and that was corrupted database. Perhaps it is really corrupt data from a mirror. I will now exactly tomorrow, if freshclam from crontab will download corrupt database again. That should not be possible. Freshclam always verifies the MD5 sum and the digital signature of the database. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Oct 20 17:49:48 CEST 2004 pgpi1q0v7qKNy.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malformed database
On Wednesday 20 October 2004 19:50, Tomasz Kojm wrote: On Wed, 20 Oct 2004 19:40:52 +0400 Dmitry Alexeyev [EMAIL PROTECTED] wrote: What I meant was if you run similar system, you could probably use my build script, binaries, or config files if you get stuck with the default source or RPM. Since you use Linux 2.2 (on x86, I assume?) my Linux static binary should work. Thank you. Looks like I am kinda lost with all these databases. I saved corrupt database and your static binary also told me it's corrupt. I have checked 0.80 databases - they appeared to be okay. I totally forgot that my spec put freshest database files into rpm, and that was corrupted database. Perhaps it is really corrupt data from a mirror. I will now exactly tomorrow, if freshclam from crontab will download corrupt database again. That should not be possible. Freshclam always verifies the MD5 sum and the digital signature of the database. Actually I don't know what happens, but it happens already for several database updates. I saw such issues before and they were sporadic, disappearing after next update. Maybe it is interrupted cron job, network issues or anything else. I am pretty sure nothing changes database files after update. Perhaps it is even filesystem issue, I don't know. Fingers crossed it won't happen tomorrow WBR Dmitry ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
AW: [Clamav-users] ClamAV 0.80 and leave-temps
Hi http://assp.sourceforge.net/: 8. Basic anti-virus filtering using the ClamAV virus databases. They should use libclamav. Currently that software will miss most of the new malware. If you are with contact with them please ask them to remove the above point from their main site as this is a false sense of security. FYI from their message board: I wonder if it is at all possible to use libclamav with ASSP? If so, it would definately eliminate the need of running a amavisd/clamav combination along with ASSP. By: Robert Orso - rorso RE: ClamAV 0.80 2004-10-19 22:49 It is possible. We currently have several external tools incorporated into the ASSP functionality. Ihe idea of the inline AV scanning is quite clever as the data is compared against a reduced virus database just as it streams in. Using an external scanning engine requires that the message first has to be received in full and then it is checked against a bigger database that looks for enemies that do not arrive per mail too - takes more time. The ClamAV community is very active. It would benefit ASSP to rely on their good work and just use whatever they will breed in the future without concerning the internals. To fully restore AV capabilities in ASSP again, we most likely will change the processing to external scan than adapting to the new database within ASSP core. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] cl_loaddbdir(): Can't open directory
On Wed, 20 Oct 2004 08:59:22 MDT Mikel Bauer wrote: Not to sound too obvious, but, does the directory /usr/ClamAV/data/ exist? (case sensitive) YES. ls -la /usr/ClamAV/data/ total 1378 drwxrwxr-x2 clamav exim 2048 Oct 20 17:08 . drwxrwxr-x 10 clamav root 2048 Oct 7 22:28 .. -rw-r--r--1 clamav exim 111540 Oct 20 17:08 daily.cvd -rw-r--r--1 clamav exim 1284637 Oct 19 17:39 main.cvd On Wed, 20 Oct 2004 22:07:25 +0700 Fajar A. Nugraha said: You DID compile it from source, right? Last time I check clamscan use compiled-time database directory (in this case seems to be /usr/ ClamAV/data0), and ignores clamd.conf completely. You COULD use -d FILE/DIR command line parameter. My guess is you have a typo during ./configure so it says /usr/ClamAV/ data0 (note the 0) instead of /usr/ClamAV/data. Try clamscan -r -d /usr/ClamAV/data . No typo in configure which reads ./configure --prefix=/usr/ClamAV --sbindir=/usr/ClamAV/bin \ --datadir=/usr/ClamAV/data --mandir=/usr/local/man \ --disable-clamav clamscan -r -d /usr/ClamAV/data . did it. --Frank Elsner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malformed database
On Wed, 20 Oct 2004 20:07:24 +0400 Dmitry Alexeyev [EMAIL PROTECTED] wrote: Maybe it is interrupted cron job, network issues or anything else. I I don't think so. am pretty sure nothing changes database files after update. Perhaps it is even filesystem issue, I don't know. Fingers crossed it won't happen tomorrow Something must be seriously broken on your systems. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Oct 20 18:14:22 CEST 2004 pgpeFxD2BO74U.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] buglet in how clamdscan reports perm issues
This is with clamav 0.80 I went to scan a Phishing scam email by using clamdscan. I'd forgotten to change the perms on the file to be world-readable, but clamdscan reported: [jhaar]$ clamdscan citifraud.eml ./citifraud.eml: Access denied. ERROR ./citifraud.eml: OK So it saw the access denied - but then it reports OK? Is that intentional? If you were scripting clamdscan and were basing decisions on the output - that could catch you out. [Obviously you should be monitoring the exit status instead - but you know how people are ;-)] If you emulate the same problem with clamscan - it just reports access denied - no following OK... Keep up the good work guys - ClamAV is superb!!! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] buglet in how clamdscan reports perm issues
On Thu, 21 Oct 2004 06:26:46 +1300 Jason Haar [EMAIL PROTECTED] wrote: [jhaar]$ clamdscan citifraud.eml ./citifraud.eml: Access denied. ERROR ./citifraud.eml: OK So it saw the access denied - but then it reports OK? Fixed in CVS. Keep up the good work guys - ClamAV is superb!!! Thanks :-) -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Oct 20 21:06:39 CEST 2004 pgpEHCpZQeqlg.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] clamd/clamscan core on some files under IRIX
I'm running mimedefang/spamassassin/clamav on an IRIX 6.5 machine and have found that some files cause both clamd and clamscan to core. Since I'm still running this combo, I can't forward the message to the list, but it can be found at: ftp://ftp.heloc.com/pub/message.txt.gz Here is the last bit of output from clamscan when run on the file: LibClamAV debug: Mixed message part 25 is of type 3 LibClamAV debug: messageToFileblob LibClamAV debug: blobSetFilename: image.jpg LibClamAV debug: Saving attachment as /var/tmp//clamav-ee97fcadd47b2acf/image.jpgy023QP LibClamAV debug: Mixed message part 26 is of type 3 LibClamAV debug: messageToFileblob LibClamAV debug: blobSetFilename: image.jpg LibClamAV debug: Saving attachment as /var/tmp//clamav-ee97fcadd47b2acf/image.jpgz023QP LibClamAV debug: Mixed message part 27 is of type 3 LibClamAV debug: messageToFileblob LibClamAV debug: blobSetFilename: image.jpg LibClamAV Error: Can't create temporary file : No such file or directory LibClamAV debug: 4 257 0 Segmentation fault (core dumped) I've built clam on Linux and have had no probems with the same file. Could this somehow be a 64-bit issue? Clam .70 seems to scan the file OK, BTW. Any insight would be great. Thanks. Rob ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd/clamscan core on some files under IRIX
I'm running mimedefang/spamassassin/clamav on an IRIX 6.5 machine and have found that some files cause both clamd and clamscan to core. Since I'm still running this combo, I can't forward the message to the list, but it can be found at: ftp://ftp.heloc.com/pub/message.txt.gz Here is the last bit of output from clamscan when run on the file: LibClamAV debug: Mixed message part 25 is of type 3 LibClamAV debug: messageToFileblob LibClamAV debug: blobSetFilename: image.jpg LibClamAV debug: Saving attachment as /var/tmp//clamav-ee97fcadd47b2acf/image.jpgy023QP I would guess you have an extra / at the end of the following line in clamd.conf: clamd.conf: TemporaryDirectory /var/tmp If there is an extra / at the end remove it, and restart clamd Thanks. Rob ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users -- Ken Jones [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd/clamscan core on some files under IRIX
On Wednesday 20 Oct 2004 8:25 pm, Rob Dueckman wrote: Since I'm still running this combo, I can't forward the message to the list, but it can be found at: ftp://ftp.heloc.com/pub/message.txt.gz I've built clam on Linux and have had no probems with the same file. Could this somehow be a 64-bit issue? Clam .70 seems to scan the file OK, BTW. LibClamAV Error: Can't create temporary file : No such file or directory Hmmm. What version are you running? I see: [EMAIL PROTECTED] njh]$ clamscan message.txt.gz message.txt.gz: OK --- SCAN SUMMARY --- Known viruses: 25253 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 1.03 MB I/O buffer size: 131072 bytes Time: 2.831 sec (0 m 2 s) [EMAIL PROTECTED] njh]$ clamscan -V ClamAV devel-20041019/533/Sun Oct 17 02:09:44 2004 [EMAIL PROTECTED] njh]$ Rob -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd/clamscan core on some files under IRIX
On Wednesday 20 Oct 2004 8:31 pm, Ken Jones wrote: I would guess you have an extra / at the end of the following line in clamd.conf: clamd.conf: TemporaryDirectory /var/tmp I can't see how that is the problem since images 1-26 were saved OK and the filename seems to be missing in part 27 which points to data corruption. Some more info please: 1) You mentioned 64 bit, is it x86_64? 2) What is IRIX? 3) What compiler? 4) Does your system support valgrind? If so please send me the output. 5) Is this version 0.80? -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephen Gran wanted us to know: Yes, inline signing would probably fix that issue. In my last message, I see: Content-Type: multipart/signed; micalg=pgp-sha1; Mime multipart is not inline signing. It is an inline, gpg signed message. I had no idea how many broken This email that I'm sending is an inline signed message. Look at the difference in the headers of mine compared to the one you were looking at before. Blue skies... - -- Regards... Todd OS X: We've been fighting the It's a mac syndrome with upper management for years now. Lately we've taken to just referring to new mac installations as Unix installations when presenting proposals and updates. For some reason, they have no problem with that. -- /. Linux kernel 2.6.3-19mdkenterprise 2 users, load average: 0.07, 0.06, 0.02 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBdsQ0Y2VBGxIDMLwRAmDCAJ4zPVTyYV9RNnee64xfKUBGxsgN9wCcCP3U +gM+i+cN0Z6LqPIMQo8H6T4= =hnMi -END PGP SIGNATURE- ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd/clamscan core on some files under IRIX
On Wednesday 20 October 2004 02:52 pm, Nigel Horne wrote: 2) What is IRIX? IRIX is SGI's UNIX. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgp4Uae8leiXV.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd/clamscan core on some files under IRIX
On Wed, 2004-10-20 at 15:52, Nigel Horne wrote: On Wednesday 20 Oct 2004 8:31 pm, Ken Jones wrote: I would guess you have an extra / at the end of the following line in clamd.conf: clamd.conf: TemporaryDirectory /var/tmp we have no problem here. I have the line commented out thus clamd (and clamscan) uses its default. The default may have a trailing / in it though... I can't see how that is the problem since images 1-26 were saved OK and the filename seems to be missing in part 27 which points to data corruption. Some more info please: 1) You mentioned 64 bit, is it x86_64? Dope! OK... IRIX is from SGI, and is based on a MIPS processor. It is a big endian processor (actually the processor supports both big and little endian, but it is big in SGI hardware) 2) What is IRIX? SGI's flavour of UNIX 3) What compiler? I've tried both gcc V3.3, and SGI'c MIPSpro cc V7.3.1.3. Same result with both compilers. 4) Does your system support valgrind? If so please send me the output. Sorry, no support for valgrind as this is not an x86 box. I don't have a license for the SGI debug tools either. Sorry 5) Is this version 0.80? Sorry. Yes it is 0.80. I just built clamav-0.75.1 and it was able to scan without duping core. -Nigel Thanks for the quick replys so far! ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] default --checks for freshclam 0.80
The man freshclam page says that -d requires --checks. If I call freshclam -d and don't specify --checks, what happens? Does it revert to the value specified in /etc/freshclam.conf's Checks setting? Or does it just check once when it starts and never check again? I'm confused as to what the use of the Checks setting is if -d doesn't work with it. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Independent Testing
I am trying to convince my company to switch to open source where possible. It is much easier if the software has been evaluated by an independent group. Unfortunately, reviews that I could find, including GMX Systematic and Heise magazines, were negative. The opinion seemed to be summed up by Andreas Marx's (of AV-Test.Org) comments to the 2004 Virus Bulletin Conference where he said that results of a particular test were not available for ClamAV, because a large number of files in our test set are still not detected. Are there any independent tests out there that do not paint such a bleak picture? Are there any plans to submit ClamAV or ClamWin to Virus Bulletin? Dave __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Independent Testing
Dave P wrote: I am trying to convince my company to switch to open source where possible. It is much easier if the software has been evaluated by an independent group. Unfortunately, reviews that I could find, including GMX Systematic and Heise magazines, were negative. The opinion seemed to be summed up by Andreas Marx's (of AV-Test.Org) comments to the 2004 Virus Bulletin Conference where he said that results of a particular test were not available for ClamAV, because a large number of files in our test set are still not detected. Are there any independent tests out there that do not paint such a bleak picture? Are there any plans to submit ClamAV or ClamWin to Virus Bulletin? Dave I can't speak for the maintainers, but I think there was some discussion of this on the mailing list awhile back. As I recall, part of the problem was the test set included a lot of obsolete or older Windows 95 type viruses, as well as macro viruses that weren't detected at that time. Since then, I know a lot of the older stuff, as well as macro virus definitions have been added. I think a better test is side-by-side comparisons with standard, commercial, products. If you search the archives, you will some comments from users. For my part, we have Clam installed on the front end mail filter box. We also have a site license still for Norton which runs on the Exchange server and desktops. Since installing ClamAV, we have not seen a single hit by Norton. -Bill ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Where is signature db file
Dear Clamav experts, I just have a fresh clamav installed in FreeBSD 5.3 system. I have a hard time to allocate the signature database in the system. The following commandline have been using for update the signature: clamav 15245 0.0 0.1 2060 1508 ?? Is7:13PM 0:00.03 /usr/local/bin/freshclam -d -c 2 --pid=/var/run/clamav/freshclam.pid --daemon-notify=/usr/local/etc/clamav.conf --daemon Can anyone please tell me where the db is? I basically would like to check how often the db file gets updated by looking at its size. If anyone know how to get a report of signature db update, please also let me know as well. Thanks in advance Sam ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Independent Testing
Bill Randle wrote: Dave P wrote: Are there any independent tests out there that do not paint such a bleak picture? Are there any plans to submit ClamAV or ClamWin to Virus Bulletin? [...] I think a better test is side-by-side comparisons with standard, commercial, products. If you search the archives, you will some comments from users. For my part, we have Clam installed on the front end mail filter box. We also have a site license still for Norton which runs on the Exchange server and desktops. Since installing ClamAV, we have not seen a single hit by Norton. On VirusTotal (a free multiengine file scanner) we've seen that ClamAV is usually in the top 3 of updating their databases for virus outbreaks, usually with hours of difference against other commercial products. -- Regards, Julio Canto Hispasec Sistemas http://www.hispasec.com (+34) 902 161 025 Parque Tecnologico de Andalucia Avda Juan Lopez Peñalver, 21 Málaga, España ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users