Re: [Clamav-users] clamav latest version cant install
On Thu, Jan 12, 2006 at 01:46:14PM +0600, Meshbah Uddin Ahmed said: hi, i m using debian + postfix + mailscanner + clamav. all wrere running well. i want to install recent published clamav, but there was so many warning. and its not work. If you're running Debian, there are binary pakages available for 0.88. volatile.debian.net is there for sarge, and people.debian.org/~sgran is there for woody. The warnings you notice are just warnings - they shouldn't affect the running of the program. As for the complaints at the end of your email, it appears you have multiple clamav installations. Please search the archives for the hundreds of discussions on this topic. Take care, -- -- | Stephen Gran | Send a self-addressed, stamped | | [EMAIL PROTECTED] | envelope. | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] anti-virus imap scanner
Would ClamSMTP be sufficient? Would Amivisd be overkill? I found several listed on the Postfix website but would be interested in hearing what others have used and why. I'm using postfix/amavis/spamassassin/clam on my home mail server. Not sure what you mean by overkill, but it wasn't difficult to get working, and works well. Running fedora core 4, and I think it was all from rpm (it's been running for 3 years now, so kinda hard to remember) And then there's amavis, amavisd-new, and amavis-ng... Maintainability is my primary concern since I want them to be able to maintain it themselves if I'm not around. ClamSMTP has fewer options so less to break. I ended up installing amavisd-new last night so we'll see how that works out. thanks, -eric ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Secunia 18379
Hi guys, Can somebody confirm that the upx.c buffer overflow vulnerability referred to at http://secunia.com/advisories/18379 (2006-01-10) is the one that was fixed in CVS on Sept 16. Steve ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Secunia 18379
On Thu, 12 Jan 2006 12:08:46 + Steve Brown [EMAIL PROTECTED] wrote: Hi guys, Can somebody confirm that the upx.c buffer overflow vulnerability referred to at http://secunia.com/advisories/18379 (2006-01-10) is the one that was fixed in CVS on Sept 16. No, that's not that one. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Jan 12 13:48:50 CET 2006 signature.asc Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Secunia 18379
On Thu, Jan 12, 2006 at 12:08:46PM +, Steve Brown said: Hi guys, Can somebody confirm that the upx.c buffer overflow vulnerability referred to at http://secunia.com/advisories/18379 (2006-01-10) is the one that was fixed in CVS on Sept 16. That is certainly my impression. -- -- | Stephen Gran | Pretend to spank me -- I'm a pseudo-| | [EMAIL PROTECTED] | masochist! | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Secunia 18379
On Thu, Jan 12, 2006 at 12:52:16PM +, Stephen Gran said: On Thu, Jan 12, 2006 at 12:08:46PM +, Steve Brown said: Hi guys, Can somebody confirm that the upx.c buffer overflow vulnerability referred to at http://secunia.com/advisories/18379 (2006-01-10) is the one that was fixed in CVS on Sept 16. That is certainly my impression. No, sorry, it should be the CVS commit on Tue Jan 10 00:46:40 2006 - I had Sept 16 selected for diffs and got stupid about which was which. -- -- | Stephen Gran | Being schizophrenic is better than | | [EMAIL PROTECTED] | living alone. | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Secunia 18379
Tomasz Kojm wrote: Can somebody confirm that the upx.c buffer overflow vulnerability referred to at http://secunia.com/advisories/18379 (2006-01-10) is the one that was fixed in CVS on Sept 16. No, that's not that one. Ok, thanks for the prompt answer. Can you tell me if the Secunia vulnerability mentioned above has been attended to (hopefully to remove the vulnerability), and approximately when, and whether it's now fixed in CVS and/or 0.88? Thanks for your time. Steve ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam daemon dying
Hi, On 1/11/06, Dale Blount [EMAIL PROTECTED] wrote: It (finally?) happened again, here's the debugging data I've collected so far. I've left it running incase you need me to attach gdb to it (please provide gdb commands you'd like me to run). Having a look on the debug data you provided ... I checked freshclam/manager.c from cvs and I think it hangs around line 812 in function int get_database(const char *dbfile, int socketfd, const char *file, const char *hostname, const char *proxy, const char *user, const char *pass) code is /* receive body and write it to disk */ while((bread = read(socketfd, buffer, FILEBUFF))) { write(fd, buffer, bread); if(!mprintf_quiet) { mprintf(Downloading %s [%c]\r, dbfile, rotation[rot]); fflush(stdout); rot++; rot %= 4; } } the problem I see is, as long as the server does not close the connection, _this_ won't quit, as there is no way to close the connection clientside. 2 suggestions a) poll() || select() to specify a timeout this has to be added *everywhere* you recv() something. b) setsockopt() SO_RCVTIMEO set a receive timeout, this will make sthe socket handle not receiving data for a given period of time as an error. this is pretty easy, and has to be done only once, I'd say after connecting the socket struct timeval Timeout = { 2, 500 }; if(setsockopt(hostfd, SOL_SOCKET, SO_RCVTIMEO, Timeout, sizeof(Timeout)) 0) { printf(could not set timeout for socket %i\n,hostfd); }else { printf(set timeout on socket %i\n,hostfd); } If you got additional information, (gdb) we will be able to back this up, or break it. MfG Markus Koetter ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Secunia 18379
Stephen Gran wrote: No, sorry, it should be the CVS commit on Tue Jan 10 00:46:40 2006 - I had Sept 16 selected for diffs and got stupid about which was which. Aha, got it! Thanks very much for your help. -S ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] (no subject)
running ClamAV on Mac OSX.4.4 via fink and the ClamAVX GUI. tried to update to .88 on fink and received this message: configure: WARNING: resolv.h: present but cannot be compiled configure: WARNING: resolv.h: check for missing prerequisite headers? configure: WARNING: resolv.h: see the Autoconf documentation configure: WARNING: resolv.h: section Present But Cannot Be Compiled configure: WARNING: resolv.h: proceeding with the preprocessor's result configure: WARNING: resolv.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## ... Removing fink-buildlock-clamav-0.88-1 ... Failed: phase compiling: clamav-0.88-1 failed not sure what to do from here... thanks in advance, Clay Hummer ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam daemon dying
On Thu, 2006-01-12 at 14:22 +0100, Nepenthes Development Team wrote: Hi, On 1/11/06, Dale Blount [EMAIL PROTECTED] wrote: It (finally?) happened again, here's the debugging data I've collected so far. I've left it running incase you need me to attach gdb to it (please provide gdb commands you'd like me to run). Having a look on the debug data you provided ... I checked freshclam/manager.c from cvs and I think it hangs around line 812 in function int get_database(const char *dbfile, int socketfd, const char *file, const char *hostname, const char *proxy, const char *user, const char *pass) snip If you got additional information, (gdb) we will be able to back this up, or break it. Thanks Markus, The hung freshclam is still running and I will be happy to run gdb on it if you provide me the sequence of commands I need to run. Last time I did something like this I managed to completely crash the hung app instead of getting more data from it. Thanks, Dale ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav and gmp
On Thu, 12 Jan 2006 17:06:40 +0300 in [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Maybe configure seek gmp somwhere in wrong place. Can anybody help me??? Try configure --help and see if there is an option to tell configure where gmp can be found. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam daemon dying
On 1/12/06, Dale Blount [EMAIL PROTECTED] wrote: The hung freshclam is still running and I will be happy to run gdb on it if you provide me the sequence of commands I need to run. Last time I did something like this I managed to completely crash the hung app instead of getting more data from it. gdb --pid=pid once attached bt will give the backtrace. http://phpfi.com/95896 thats what i'd recommend to patch this, everything else is _much_ more work. MfG Markus Koetter ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam daemon dying
On Thu, Jan 12, 2006 at 03:46:17PM +0100, Nepenthes Development Team said: http://phpfi.com/95896 thats what i'd recommend to patch this, everything else is _much_ more work. I'm not sure that SO_RCVTIMEO is fully portable (at last the first docs I found seem to imply it's not defined everywhere) so it might be best just to do: 461a462,463 + struct timeval Timeout = { 30, 0 }; // static 30 seconds receive timeout + 583a586,592 + + if(setsockopt(socketfd, SOL_SOCKET, SO_RCVTIMEO, Timeout, sizeof(Timeout)) 0) + { + logg(^Can't set socket timeout on fd %i port %d of host %s (IP: %s) (%s)\n, socketfd, port, hostpt, ipaddr, strerror(errno)); + } and move on. This will give a warning log message to alert the admin that a timeout couldn't be set, so they know to check it periodically for problems. The other option I suppose would be to have an autoconf maco do the check ahead of time and #ifdef it, but it seems like more work as well. Just thinking out loud, -- -- | Stephen Gran | We don't need no education, we don't| | [EMAIL PROTECTED] | need no thought control. -- Pink | | http://www.lobefin.net/~steve | Floyd | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam daemon dying - GDB Backtrace included
gdb --pid=pid once attached bt will give the backtrace. Here it is, it's a long one. # gdb --pid=17435 GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i686-pc-linux-gnu. Attaching to process 17435 Reading symbols from /usr/bin/freshclam...(no debugging symbols found)...done. Using host libthread_db library /lib/tls/libthread_db.so.1. Reading symbols from /usr/lib/libclamav.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libclamav.so.1 Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /lib/libbz2.so.1.0...(no debugging symbols found)...done. Loaded symbols for /lib/libbz2.so.1.0 Reading symbols from /usr/lib/libgmp.so.3... (no debugging symbols found)...done. Loaded symbols for /usr/lib/libgmp.so.3 Reading symbols from /lib/tls/libpthread.so.0...(no debugging symbols found)...done. [Thread debugging using libthread_db enabled] [New Thread -1210070816 (LWP 17435)] Loaded symbols for /lib/tls/libpthread.so.0 Reading symbols from /lib/tls/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libnsl.so.1 Reading symbols from /lib/tls/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libresolv.so.2 Reading symbols from /lib/tls/libc.so.6... (no debugging symbols found)...done. Loaded symbols for /lib/tls/libc.so.6 Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/tls/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libnss_files.so.2 Reading symbols from /lib/tls/libnss_dns.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/tls/libnss_dns.so.2 0xe410 in ?? () (gdb) bt #0 0xe410 in ?? () #1 0xb958 in ?? () #2 0x2000 in ?? () #3 0xbfffd54c in ?? () #4 0xb7f475c3 in __read_nocancel () from /lib/tls/libpthread.so.0 #5 0x0804cfb1 in ?? () #6 0x0001 in ?? () #7 0xbfffd54c in ?? () #8 0x2000 in ?? () #9 0x in ?? () #10 0x0804f4b4 in _IO_stdin_used () #11 0x08052268 in ?? () #12 0x0804efcd in _IO_stdin_used () #13 0x0098 in ?? () #14 0x in ?? () #15 0x in ?? () #16 0x in ?? () #17 0x6d616c43 in ?? () #18 0x562d5641 in ?? () #19 0x313a4244 in ?? () #20 0x614a2031 in ?? () #21 0x3032206e in ?? () #22 0x31203630 in ?? () #23 0x39312d31 in ?? () #24 0x31302b20 in ?? () #25 0x313a3030 in ?? () #26 0x3a383332 in ?? () #27 0x3a313734 in ?? () #28 0x63663a37 in ?? () #29 0x30343530 in ?? () #30 0x61626261 in ?? () #31 0x30303636 in ?? () #32 0x36643634 in ?? () #33 0x37306333 in ?? () #34 0x39636664 in ?? () #35 0x30633132 in ?? () #36 0x493a3962 in ?? () #37 0x7961476f in ?? () #38 0x45343736 in ?? () #39 0x39523374 in ?? () #40 0x7a7a3479 in ?? () #41 0x4a6c3439 in ?? () #42 0x386c536e in ?? () #43 0x3332654e in ?? () #44 0x7653704f in ?? () #45 0x6e365a4b in ?? () #46 0x56793675 in ?? () #47 0x7041374c in ?? () #48 0x54505766 in ?? () #49 0x7965484f in ?? () #50 0x66484350 in ?? () #51 0x55513364 in ?? () #52 0x4753796e in ?? () #53 0x66385a32 in ?? () #54 0x4b707366 in ?? () #55 0x4f70654b in ?? () #56 0x657a6845 in ?? () ---Type return to continue, or q return to quit--- #57 0x344b664f in ?? () #58 0x6c765075 in ?? () #59 0x37657747 in ?? () #60 0x3449394b in ?? () #61 0x37535858 in ?? () #62 0x38796c2b in ?? () #63 0x6b387555 in ?? () #64 0x6d69645a in ?? () #65 0x7166422b in ?? () #66 0x7653326e in ?? () #67 0x6f72 in ?? () #68 0x44523245 in ?? () #69 0x75616e6c in ?? () #70 0x57483937 in ?? () #71 0x72552b37 in ?? () #72 0x74362b4d in ?? () #73 0x6d436b37 in ?? () #74 0x6c2b3456 in ?? () #75 0x64594d55 in ?? () #76 0x4f373479 in ?? () #77 0x33515967 in ?? () #78 0x76794b79 in ?? () #79 0x643a6757 in ?? () #80 0x6f676569 in ?? () #81 0x3331313a in ?? () #82 0x34373936 in ?? () #83 0x20363437 in ?? () #84 0x20202020 in ?? () #85 0x20202020 in ?? () #86 0x20202020 in ?? () #87 0x20202020 in ?? () #88 0x20202020 in ?? () #89 0x20202020 in ?? () #90 0x20202020 in ?? () #91 0x20202020 in ?? () #92 0x20202020 in ?? () #93 0x20202020 in ?? () #94 0x20202020 in ?? () #95 0x20202020 in ?? () #96 0x20202020 in ?? () #97 0x20202020 in ?? () #98 0x20202020 in ?? () #99 0x20202020 in ?? () #100 0x20202020 in ?? () #101 0x20202020 in ?? () #102 0x20202020 in ?? () #103 0x20202020 in ?? () #104 0x20202020 in ?? () #105 0x20202020 in ?? () #106 0x20202020 in ?? () #107 0x20202020 in ?? () #108 0x20202020 in ?? () #109 0x20202020 in ?? () #110 0x20202020 in ?? () #111 0x20202020 in ?? () #112 0x20202020 in ?? () #113 0x20202020 in ?? ()
Re: [Clamav-users] freshclam daemon dying - GDB Backtrace included
On 1/12/06, Dale Blount [EMAIL PROTECTED] wrote: # gdb --pid=17435 GNU gdb 6.3 looks like compiled without debugging symbols to me, so its pretty useless ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Large number of Mytob.MM this morning?
Anyone else seeing a lot of Mytob.MM getting thru today? ClamAV doesn't seem to be blocking it on the mail server, Norton catches it if the virus defs are up to date (today's work, yesterday's don't). I've already submitted a sample to the website, any hope of getting this blocked soon? Jay -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University -- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Large number of Mytob.MM this morning?
Jay Lee said: Anyone else seeing a lot of Mytob.MM getting thru today? ClamAV doesn't seem to be blocking it on the mail server, Norton catches it if the virus defs are up to date (today's work, yesterday's don't). I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Large number of Mytob.MM this morning?
Dennis Peterson wrote: Jay Lee said: Anyone else seeing a lot of Mytob.MM getting thru today? ClamAV doesn't seem to be blocking it on the mail server, Norton catches it if the virus defs are up to date (today's work, yesterday's don't). I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? I have now yes, I tried sending the raw email message, the attached .zip file and the unzipped .exe, it reported them all as clean. Jay -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University -- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Large number of Mytob.MM this morning?
Jay Lee wrote: I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? I have now yes, I tried sending the raw email message, the attached .zip file and the unzipped .exe, it reported them all as clean. Jay It's worth submitting the raw message file to http://virusscan.jotti.org and http://www.virustotal.com as well. Phil Phil Randal Network Engineer Herefordshire Council Hereford, UK ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Large number of Mytob.MM this morning?
Randal, Phil wrote: Jay Lee wrote: I've already submitted a sample to the website, any hope of getting this blocked soon? Did you submit it to the online testing web page to see if that system handles it differently from yours? I have now yes, I tried sending the raw email message, the attached .zip file and the unzipped .exe, it reported them all as clean. Jay It's worth submitting the raw message file to http://virusscan.jotti.org and http://www.virustotal.com as well. Here is virustotal's result: Virus Total ___ Scan results File: qvyexy.zip Date: 01/12/2006 18:03:37 (CET) AntiVir 6.33.0.77/20060112 found [HEUR-DBLEXT/Worm.Gen] Avast 4.6.695.0/20060111 found nothing AVG 718/20060111found [BackDoor.Wootbot.LD] Avira 6.33.0.77/20060112 found [HEUR-DBLEXT/Worm.Gen] BitDefender 7.2/20060112found [Win32.Worm.Mytob.X.Gen] CAT-QuickHeal 8.00/20060111 found [Backdoor.Wootbot.gen] ClamAV devel-20051123/20060112 found nothing DrWeb4.33/20060112 found [Win32.IRC.Bot.based] eTrust-Iris 7.1.194.0/20060112 found [Win32/RBot.Variant!Worm] eTrust-Vet 12.4.1.0/20060112 found [Win32/Mytob!ZIP!generic] Ewido 3.5/20060112found [Backdoor.Wootbot] Fortinet2.54.0.0/20060112 found [W32/ForBot!bdr] F-Prot 3.16c/20060111 found [W32/[EMAIL PROTECTED] Ikarus 0.2.59.0/20060112 found [Backdoor.Win32.Wootbot.GEN] Kaspersky 4.0.2.24/20060112 found [Backdoor.Win32.Wootbot.gen] McAfee 4672/20060111 found [Generic Malware.a!zip] NOD32v2 1.1363/20060112 found [Win32/Mytob.OF] Norman 5.70.10/20060112found [W32/SDBot.gen1] Panda 9.0.0.4/20060112found [Bck/Vidaloka.R] Sophos 4.01.0/20060112 found [W32/Forbot-Fam] Symantec8.0/20060112found [EMAIL PROTECTED] TheHacker 5.9.2.072/20060112 found [W32/Generic!zip-dobleextension] UNA 1.83/20060112 found nothing VBA32 3.10.5/20060112 found [Backdoor.Win32.Wootbot.gen] -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University -- ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: [Clamav-devel] Patch to fix broken sendfile on Linux 2.6
Hi, I'm a ClamAV user from Taiwan. I'm experiencing this same problem. But I did not see this issue solved in the just-released ClamAV 0.88. Now I have to patch ClamAV in order for it to work properly. Will it be solved in the future version of ClamAV? -- Best regards, imacat ^_*' [EMAIL PROTECTED] PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt Woman's Voice News: http://www.wov.idv.tw/ Tavern IMACAT's: http://www.imacat.idv.tw/ TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug pgpZO0Bi6ckSm.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] cpu utilization suddenly over 90% all the time
Trog wrote: On Mon, 2006-01-09 at 15:37 -0800, Bill Shupp wrote: First, I would check the filesystem type of /tmp (or whatever you are using). Make sure it is not sync'ed or journalling. Next, I would investigate the pthreads libraries. If your system has more than one to choose from, try the other one. Failing that, disable thread support at compile time. If that doesn't help, you'll need to do some profiling to find out where all the time is being spent. It turns out this was a ripmime issue dealing with qmail bounce messages. For further details, you can read my post to the simscan list: http://shupp.org/patches/ripmime.txt Regards, Bill Shupp ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] scanning over tcp/ip
Is clamdscan/clamd scanning supported over TCP/IP? As far as I could tell in the documentation, there is stream support, but it's not ready for network connections. My failed tests support that (clamd was looking for the local file, rather than the file getting passed over the stream). It also appears that milter can do it, but that looks like a sendmail specific tool from the docs (I use qmail). If anyone could clarify, that would be great. I'm looking for a way to offload only clamd to another system, similar to how spamc/spamd works. Thanks, Bill ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] scanning over tcp/ip
On Thursday 12 January 2006 13:46, Bill Shupp wrote: Is clamdscan/clamd scanning supported over TCP/IP? As far as I could tell in the documentation, there is stream support, but it's not ready for network connections. My failed tests support that (clamd was looking for the local file, rather than the file getting passed over the stream). It also appears that milter can do it, but that looks like a sendmail specific tool from the docs (I use qmail). I believe it depends on whether you start it up listening to tcp, or a socket, right? If anyone could clarify, that would be great. I'm looking for a way to offload only clamd to another system, similar to how spamc/spamd works. Thanks, Bill ___ http://lurker.clamav.net/list/clamav-users.html -- John Jolet Your On-Demand IT Department 512-762-0729 www.jolet.net [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] scanning over tcp/ip
John Jolet wrote: On Thursday 12 January 2006 13:46, Bill Shupp wrote: Is clamdscan/clamd scanning supported over TCP/IP? As far as I could tell in the documentation, there is stream support, but it's not ready for network connections. My failed tests support that (clamd was looking for the local file, rather than the file getting passed over the stream). It also appears that milter can do it, but that looks like a sendmail specific tool from the docs (I use qmail). I believe it depends on whether you start it up listening to tcp, or a socket, right? I did start it with TCP. clamdscan successfully talked to clamd, but it passed filename paths (which did not exist on the remote server), rather than sending the file contents. I also read somewhere that STREAM support (i.e. over a network connection) was not fully supported. I'm only asking because I read in the milter man page that tcp/ip scanning was supported. Regards, Bill ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] scanning over tcp/ip
Bill Shupp wrote: Is clamdscan/clamd scanning supported over TCP/IP? AFAIK, clamdscan won't use STREAM. This was posted a while back, but I haven't actually tried it (since I use the milter, which does support STREAM): http://sourceforge.net/projects/clamd-stream-cl/ Craig. -- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] scanning over tcp/ip
Craig Green wrote: Bill Shupp wrote: Is clamdscan/clamd scanning supported over TCP/IP? AFAIK, clamdscan won't use STREAM. This was posted a while back, but I haven't actually tried it (since I use the milter, which does support STREAM): http://sourceforge.net/projects/clamd-stream-cl/ Great, I'll give this a try. Regards, Bill ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam daemon dying - GDB Backtrace included
Yes it'd be nice if you recompiled with -g flag and gave it another go... Your backtrace does look kind of wacky though. A depth of almost 400 frames??! Also, if you look at the frame addresses, you see a bunch of bogus-looking addresses like 0x and 0x2020202020, which could imply something's overwriting your stack with NULLs, space chars (0x20) and whatever else.. It'll be interesting to see what else your recompile/retry reveals... ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] scanning over tcp/ip
Craig Green wrote: Bill Shupp wrote: Is clamdscan/clamd scanning supported over TCP/IP? AFAIK, clamdscan won't use STREAM. This was posted a while back, but I haven't actually tried it (since I use the milter, which does support STREAM): http://sourceforge.net/projects/clamd-stream-cl/ I just tried it, and it worked just fine using clamav's test files from my OS X laptop to my Linux clamd server. Now I just need to patch the scanning harness I use (simscan) to use it. Looks promising, though. Thanks, Bill ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] scanning over tcp/ip
On Thu, Jan 12, 2006 at 04:40:15PM -0500, Craig Green said: Bill Shupp wrote: Is clamdscan/clamd scanning supported over TCP/IP? AFAIK, clamdscan won't use STREAM. I thought it did if you specified stdin (e.g., cat foo | clamdscan - ), but I wouldn't be surprised if I was wrong here. It's been a little bit since I looked at that chunk of code. -- -- | Stephen Gran | Today's robots are very primitive, | | [EMAIL PROTECTED] | capable of understanding only a few | | http://www.lobefin.net/~steve | simple instructions such as 'go left', | || 'go right', and 'build car'. --John | || Sladek | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Upgrading the clamav 0.86 to 0.88
I am new to this clamav, I have Fedora core 2 and trying to upgrade the clamav 0.86 to 0.88 . I installed the following rpm's clamav-0.88-1.1.fc2.rf.i386.rpm clamav-db-0.88-1.1.fc2.rf.i386.rpm clamav-devel-0.88-1.1.fc2.rf.i386.rpm clamav-milter-0.88-1.1.fc2.rf.i386.rpm clamd-0.88-1.1.fc2.rf.i386.rpm I used the rpm -Uvh to upgrade the clamav, I could able to run the clamav-db but when I tried to run clamav-0.88-1.1.fc2.rf.i386.rpm it gives the following error: warning: clamav-0.88-1.1.fc2.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6 error: Failed dependencies: libc.so.6(GLIBC_2.3.4) is needed by clamav-0.88-1.1.fc2.rf Anyone has idea how to solve this prob or if I am doing wrong then how to upgrade the clamav. thanks Sandeep ___ http://lurker.clamav.net/list/clamav-users.html