Re: [Clamav-users] clamdscan -i option
Markus Hardiyanto

http://www.clamav.net/doc/0.85/clamdoc.pdf

4 Configuration
4.1 clamd

If you are going to use the daemon, you have to edit the configuration file (in other case clamd won't run):

    $ clamd
    ERROR: Please edit the example config file /etc/clamd.conf.

This shows the location of the default configuration file. The format and options of this file are fully described in the clamd.conf(5) manual. The config file is well commented and configuration should be straightforward.

You may need to # the first line. I think?!?
I like using clamscan -ir /

Invalid

> On clamscan with option -i, clamscan only shows files that are infected by a virus, but what option/setting must I use for clamdscan to do the same?
>
> On clamscan:
>
>     clamscan -i --no-summary /home/user/file.zip
>
> How do I do the same with clamdscan? I tried this:
>
>     clamdscan -i --no-summary /home/user/file.zip
>
> but I get an error message that says I must edit clamd.conf. So what option must I set?
>
> Best Regards,
> Markus

___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Yum plus clamav
Hello Sergio fernandez,

> I am not sure if this has been asked in the past but I was wondering if there is a way to get YUM to update/upgrade clamav.

http://www.clamav.net/binary.html

Best regards

--
Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner
PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582
PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg
Re: [Clamav-users] Re: Any suggestions about CPU load in .80 and .84
email builder wrote:

> Where do you do that? Clam itself only has ArchiveMaxFileSize and ClamukoMaxFileSize (but we don't use Clamuko). I don't see anything obvious in my amavis config (might be missing a default config somewhere else though), and I don't know how to make Postfix skip a content filter based on that kind of rule?

No idea how it is done in Amavis, specifically, but quite a few people do admit to only scanning messages of N size. Virii tend to only appear within messages up to a certain size, especially self-propagating ones.

This is, however, something that has to be done within the content filter config. I don't believe, I may be wrong, that clamd|clamdscan has an option for 'scan if less than...'

Matt
[Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
May I add that it is really, really, really bad for clamav-milter to refuse to run at all, just because it can't write to its log file? I would much prefer it doing something and not logging than taking down the whole mail system.

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
On Sat, 14 May 2005, Christopher X. Candreva wrote:

> May I add that it is really, really, really bad for clamav-milter to refuse to run at all, just because it can't write to its log file? I would much prefer it doing something and not logging than taking down the whole mail system.

If your whole mail system gets taken down just because clamav-milter died, then perhaps you misconfigured sendmail? Look at the F= option in the line that calls the milter in your sendmail.mc. That determines what action should be taken if the milter can't be contacted:

    F=R: reject the mail
    F=T: tempfail the mail
    F=:  pass it through unscanned

Obviously I always choose the F= option so my mailservers will continue to work in the event of a milter failure. (Email is a service, virus scanning is a feature.) It sounds like you made a different (and IMHO wrong) decision.

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
[Clamav-users] Re: Any suggestions about CPU load in .80 and .84
email builder wrote:

[snip]

> Yep, that's obvious to anyone who stares at top with any regularity. That doesn't mean that top is useless tho. :)

No it's not useless (I never said it was).

[snip]

> I understand and agree. But, as useful as looking at stats can be, it's not the only way to gauge system performance IMO. As even a novice admin, I think you can watch CPU usage with top or system load with w on a regular basis, and you *can* eyeball things to a certain extent, especially if you can keep an eye on those things on a regular basis over a period of time and if you can swap out software versions for comparison. Sure, virus explosions could seriously warp stats, but I don't think when we saw .83 kill our CPU and we rolled back to .80 and the CPU dropped off substantially that it was due to some strange virus that happened to only attack us when we were running .83. With enough diligence, subjective analysis isn't completely invalid. But I'm not trying to start a fight. :)

I agree that subjective analysis could lead one to investigate real problems.

[snip]

> We rolled back to .80 and CPU went back to the low levels it was at before

OK.

[snip]

> Where do you do that? Clam itself only has ArchiveMaxFileSize and ClamukoMaxFileSize (but we don't use Clamuko). I don't see anything obvious in my amavis config (might be missing a default config somewhere else though), and I don't know how to make Postfix skip a content filter based on that kind of rule?

ArchiveMaxFileSize is a start.

It's usually done at the filter configuration level. CommuniGate makes it very easy: you configure your filter to be used if some conditions are true. With Sendmail it has to be a feature in a milter (I haven't seen a milter that has it, but I haven't been looking for it).

Regards.
--
René Berber
Re: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
Christopher X. Candreva said:

> May I add that it is really, really, really bad for clamav-milter to refuse to run at all, just because it can't write to its log file? I would much prefer it doing something and not logging than taking down the whole mail system.
>
> ==
> Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816

Clam runs fine when properly configured. Are you asking the developers to compensate for sloppy administration? I think for that you need a Microsoft product, and it won't be free.

dp
RE: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Damian Menscher
Sent: Saturday, 14 May 2005 18:41
To: ClamAV users ML
Subject: Re: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster

> On Sat, 14 May 2005, Christopher X. Candreva wrote:
>
>> May I add that it is really, really, really bad for clamav-milter to refuse to run at all, just because it can't write to its log file? I would much prefer it doing something and not logging than taking down the whole mail system.
>
> If your whole mail system gets taken down just because clamav-milter died, then perhaps you misconfigured sendmail? Look at the F= option in the line that calls the milter in your sendmail.mc. That determines what action should be taken if the milter can't be contacted:
>
>     F=R: reject the mail
>     F=T: tempfail the mail
>     F=:  pass it through unscanned
>
> Obviously I always choose the F= option so my mailservers will continue to work in the event of a milter failure.

That is your prerogative. I, on the other hand, would never configure sendmail in that fashion. Clamav-scans are a critical part of mail delivery. I would never allow mail to be delivered when the virus scanner is down, and would indeed TempFail delivery until I restarted the daemon (via a watchdog script).

- Mark

System Administrator Asarian-host.org

---
If you were supposed to understand it, we wouldn't call it code. - FedEx
Re: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
On Sat, May 14, 2005 at 09:49:01AM -0700, Dennis Peterson wrote:

> Christopher X. Candreva said:
>
>> May I add that it is really, really, really bad for clamav-milter to refuse to run at all, just because it can't write to its log file? I would much prefer it doing something and not logging than taking down the whole mail system.
>
> Clam runs fine when properly configured. Are you asking the developers to compensate for sloppy administration? I think for that you need a Microsoft product, and it won't be free.

But the proper configuration is at best awkward: clamd does not require LogFile be defined in clamd.conf, so I normally configure it to use syslogging to avoid a separate file and to make it compatible with clamav-milter.

clamav-milter does not have its own config file, so it steals information from clamd.conf, and it now requires LogFile to be defined there, even though it uses syslogging by default. So, it appears I'm left with having to use a logfile for clamd, to keep clamav-milter happy, plus syslogging to get clamav-milter logs.

Rob
Re: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
Robert Stampfli said:

> On Sat, May 14, 2005 at 09:49:01AM -0700, Dennis Peterson wrote:
>
>> Christopher X. Candreva said:
>>
>>> May I add that it is really, really, really bad for clamav-milter to refuse to run at all, just because it can't write to its log file? I would much prefer it doing something and not logging than taking down the whole mail system.
>>
>> Clam runs fine when properly configured. Are you asking the developers to compensate for sloppy administration? I think for that you need a Microsoft product, and it won't be free.
>
> But the proper configuration is at best awkward: clamd does not require LogFile be defined in clamd.conf, so I normally configure it to use syslogging to avoid a separate file and to make it compatible with clamav-milter.

Any time you incorporate a new product into your system you need a validation plan. You need to know if it's working, if it is starting/stopping as expected, is it logging as you expect, etc. When all your requirements have a checkmark, the product is properly configured, or your checklist is flawed. I leave it to you senior administrators to describe the reason for flawed checklists.

BTW, I use syslog (ng-syslog, actually) and have it generate a separate file for each daemon. This is because I have log rotation policies and analysis requirements that are best served when certain processes log to their own files.

dp
Re: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
On Sat, 14 May 2005, Robert Stampfli wrote:

> clamav-milter does not have its own config file, so it steals information from clamd.conf, and it now requires LogFile to be defined there, even though it uses syslogging by default. So, it appears I'm left with having to use a logfile for clamd, to keep clamav-milter happy, plus syslogging to get clamav-milter logs.

I believe that is a bug that was introduced in 0.85 and has already been fixed in CVS. This is one of the many reasons my core servers are still running 0.83.

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
RE: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
On Sat, 14 May 2005, Mark wrote:

> Damian Menscher wrote:
>
>> Obviously I always choose the F= option so my mailservers will continue to work in the event of a milter failure.
>
> That is your prerogative. I, on the other hand, would never configure sendmail in that fashion. Clamav-scans are a critical part of mail delivery. I would never allow mail to be delivered when the virus scanner is down, and would indeed TempFail delivery until I restarted the daemon (via a watchdog script).

My situation is somewhat unique in that I have intelligent users and very few windows machines. So viruses are more of an annoyance than a threat. But let's ignore that for now.

Both of us run watchdog scripts (I run clmilter_watch every 15 minutes) so, at worst, clamav-milter will be down for 15 minutes.

In your case, all mail delivery will stop, and I think outgoing mail will also be broken. So, not only will your mailserver be down, but your users won't be able to contact you to let you know it's down. Of course, a 15-minute downtime might be acceptable to you.

In my case, some viruses will leak through. Most of them will probably be caught by spamassassin, and the remaining ones will be seen by the users. Most users will ignore them, and the dumb ones will be protected by the virus scanner on their local windows box.

So, while I can see how virus-scanning of emails might be a core service for a Windows shop with dumb users, it shouldn't be your only line of defense. And I really don't like the risk of breaking email.

In any case, the decision is left to the administrator. My point was: The fact that Chris Candreva complained that a clamav-milter outage was causing a total email outage indicates that he should be choosing the pass-through option, not the tempfail option.

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
RE: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
Damian Menscher said:

> On Sat, 14 May 2005, Mark wrote:
>
>> Damian Menscher wrote:
>>
>>> Obviously I always choose the F= option so my mailservers will continue to work in the event of a milter failure.
>>
>> That is your prerogative. I, on the other hand, would never configure sendmail in that fashion. Clamav-scans are a critical part of mail delivery. I would never allow mail to be delivered when the virus scanner is down, and would indeed TempFail delivery until I restarted the daemon (via a watchdog script).
>
> My situation is somewhat unique in that I have intelligent users and very few windows machines. So viruses are more of an annoyance than a threat. But let's ignore that for now.
>
> Both of us run watchdog scripts (I run clmilter_watch every 15 minutes) so, at worst, clamav-milter will be down for 15 minutes.
>
> In your case, all mail delivery will stop, and I think outgoing mail will also be broken. So, not only will your mailserver be down, but your users won't be able to contact you to let you know it's down. Of course, a 15-minute downtime might be acceptable to you.

Use a startup script like this (crude) example and you wait only a few seconds:

    #! /bin/sh
    # Start daemon, restart if it dies, send notification to syslog

    start_clamav_milter () {
        /usr/bin/clamav_milter [args]
    }

    # main
    while :; do
        start_clamav_milter
        sleep 5
        logger -t clamav -p local5.crit "Damn milter quit again"
    done

You can also run cron with

    * * * * * watchdog.sh

... and wait a minute at most. In either method you need to keep an eye on the logs and procs remotely but that's what Big Brother or Big Sister is for.

dp
RE: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
On Sat, 14 May 2005, Dennis Peterson wrote:

> Damian Menscher said:
>
>> Both of us run watchdog scripts (I run clmilter_watch every 15 minutes) so, at worst, clamav-milter will be down for 15 minutes.
>>
>> In your case, all mail delivery will stop, and I think outgoing mail will also be broken. So, not only will your mailserver be down, but your users won't be able to contact you to let you know it's down. Of course, a 15-minute downtime might be acceptable to you.
>
> Use a startup script like this (crude) example and you wait only a few seconds:
>
>     #! /bin/sh
>     # Start daemon, restart if it dies, send notification to syslog
>
>     start_clamav_milter () {
>         /usr/bin/clamav_milter [args]
>     }
>
>     # main
>     while :; do
>         start_clamav_milter
>         sleep 5
>         logger -t clamav -p local5.crit "Damn milter quit again"
>     done

That only saves you if clamav-milter crashes, not if it hangs, or if the virus database gets borked, or any number of other problems. To guard against all possible failures you need clmilter_watch, available at http://www.itg.uiuc.edu/itg_software/clmilter_watch/

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
RE: [Clamav-users] Re: Follow-up on clamav-milter not mailing notice to postmaster
Damian Menscher said:

> On Sat, 14 May 2005, Dennis Peterson wrote:
>
>> Damian Menscher said:
>>
>>> Both of us run watchdog scripts (I run clmilter_watch every 15 minutes) so, at worst, clamav-milter will be down for 15 minutes.
>>>
>>> In your case, all mail delivery will stop, and I think outgoing mail will also be broken. So, not only will your mailserver be down, but your users won't be able to contact you to let you know it's down. Of course, a 15-minute downtime might be acceptable to you.
>>
>> Use a startup script like this (crude) example and you wait only a few seconds:
>>
>>     #! /bin/sh
>>     # Start daemon, restart if it dies, send notification to syslog
>>
>>     start_clamav_milter () {
>>         /usr/bin/clamav_milter [args]
>>     }
>>
>>     # main
>>     while :; do
>>         start_clamav_milter
>>         sleep 5
>>         logger -t clamav -p local5.crit "Damn milter quit again"
>>     done
>
> That only saves you if clamav-milter crashes, not if it hangs, or if the virus database gets borked, or any number of other problems. To guard against all possible failures you need clmilter_watch, available at http://www.itg.uiuc.edu/itg_software/clmilter_watch/
>
> Damian Menscher

That isn't the problem solved in this script - it's a startup script. You can and should monitor the various clam elements with basic tools, but restarting the daemon can be automated in the startup script regardless of whatever monitoring you have. Since you already need a startup script it is a logical next step to make one that loops as does this example.

dp
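
The crash-versus-hang distinction argued over in this exchange, as an added example that is not part of any poster's message and is not clmilter_watch: one watchdog pass that separates a dead process from one that is alive but not answering or answering with errors. It assumes coreutils `timeout`; the function names, the PID file and restart paths, and the `probe_milter` command are hypothetical.

```shell
#!/bin/sh
# Added example: one watchdog pass that tells a crashed daemon from a hung
# or misbehaving one. All paths and the probe command are assumptions.

# check_daemon PIDFILE LIMIT PROBE [ARGS...]
# Prints one word: dead | hung | failing | ok
check_daemon() {
    pidfile=$1
    limit=$2
    shift 2

    # Crash: the PID file is missing or names a process that no longer exists.
    # kill -0 sends no signal, it only tests for existence. Run this as root
    # or as the daemon's user, or a permission error also reads as "dead".
    [ -r "$pidfile" ] || { echo dead; return 0; }
    pid=$(cat "$pidfile")
    kill -0 "$pid" 2>/dev/null || { echo dead; return 0; }

    # Hang or broken scanner: the process still exists, so a restart loop
    # that waits for it to exit never fires. Make it do real work and bound
    # the wait with timeout(1), which exits 124 when it had to kill the probe.
    status=0
    timeout "$limit" "$@" >/dev/null 2>&1 || status=$?
    case $status in
        0)   echo ok ;;
        124) echo hung ;;
        *)   echo failing ;;
    esac
}

# watch_once RESTART_CMD PIDFILE LIMIT PROBE [ARGS...]
# Logs and restarts unless the daemon is both alive and answering.
watch_once() {
    restart=$1
    shift
    state=$(check_daemon "$@")
    if [ "$state" != ok ]; then
        logger -t clamav -p local5.crit "clamav-milter $state, restarting" \
            2>/dev/null || true
        $restart    # unquoted on purpose: command plus its arguments
    fi
}

# Example cron entry (hypothetical wrapper script):
#   * * * * * /usr/local/sbin/milter_watch.sh
# where milter_watch.sh sources this file and runs:
#   watch_once "/etc/init.d/clamav-milter restart" \
#       /var/run/clamav/clamav-milter.pid 30 /usr/local/sbin/probe_milter
```

Whichever sendmail F= setting is in use, the probe interval plus the timeout is the longest a hung milter goes unnoticed, so that sum bounds either the tempfail window or the unscanned window.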
[Clamav-users] Antivirus Gateway firewall
How can we integrate clamav with a firewall, so that all the traffic is scanned and filtered before entering the network?

Nilux
Re: [Clamav-users] Antivirus Gateway firewall
On Sun, 15 May 2005 01:29:37 +0530 nileshemi redhat [EMAIL PROTECTED] wrote:

> How can we integrate clamav with firewall, so

http://www.clamav.net/3rdparty.html - snort-inline

--
Tomasz Kojm [EMAIL PROTECTED]
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Sat May 14 22:00:36 CEST 2005
Re: [Clamav-users] deprecated -D switch
On Thu, 12 May 2005 12:13:30 -0500 (CDT) Brad Koehn [EMAIL PROTECTED] wrote:

> What did the old -D switch used to do? In upgrading my Mac OS X 10.4 Server installation, I noticed it runs freshclam thusly:
>
>     freshclam -d -D -p freshclam.pid -c 24

This has to be some invention of Apple developers.

--
Tomasz Kojm [EMAIL PROTECTED]
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Sat May 14 22:08:48 CEST 2005