Re: [Clamav-users] clamscan sped
i'm running clamscan not the memory resident clamd, as the scan is run only at night. On 11/26/06, Bill Landry [EMAIL PROTECTED] wrote: Erez Epstein wrote the following on 11/26/2006 1:24 AM -0800: Hello everybody, i have set up clamscan to scan all of the server using cron daily ( /usr/local/bin/clamscan -r -i --exclude-dir=/sys --no-summary / ) the scan is taking too long conisdered to other virus scanners (about 6 hours) why does it taking so much? and how can i shorten it while still scaning all files every night. If you're running clamd, why not use clamdscan instead of clamscan, it's much faster? Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamscan sped
well, i'm not sure if thats the right solution, as smart virus or old file with new virus definiton will not be found. also i know all other virus scanners do scan all files. On 11/26/06, Dennis Peterson [EMAIL PROTECTED] wrote: Erez Epstein wrote: and how can i shorten it while still scaning all files every night. Don't scan all of them every night. There is no need to scan a file that has not been modified since the last scan. There is probably no need to scan your logs, /var, /usr, /opt, /proc, /dev, /bin, /sbin, or /devices (or any root owned directory) unless you think you have been hacked and had your root account compromised. You probably don't want to scan NFS mounts or Samba mounts as it is rather expensive in terms of network traffic and speed, and introduces all kinds of interesting permissions and connection reliability issues. Clam is not a good intrusion detection tool so you might want to run TripWire or some similar tool that will tell you which files have been modified so you can limit your scan to those few files that require scanning. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamscan sped
Erez Epstein wrote: well, i'm not sure if thats the right solution, as smart virus or old file with new virus definiton will not be found. also i know all other virus scanners do scan all files. Then perhaps you should be using other virus scanners. Use the tool that best fits the job. If you find that clamav takes a long time to scan a large drive, that may be because this was not the primary purpose of the product. Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). While im sure the number of uses for clamav is growing all the time, if you try to use a product for a task that it was not designed for and it does that task poorly, why continue to try to make it work? Find a product that works for you in this particular situation and use that instead. -Jim On 11/26/06, Dennis Peterson [EMAIL PROTECTED] wrote: Erez Epstein wrote: and how can i shorten it while still scaning all files every night. Don't scan all of them every night. There is no need to scan a file that has not been modified since the last scan. There is probably no need to scan your logs, /var, /usr, /opt, /proc, /dev, /bin, /sbin, or /devices (or any root owned directory) unless you think you have been hacked and had your root account compromised. You probably don't want to scan NFS mounts or Samba mounts as it is rather expensive in terms of network traffic and speed, and introduces all kinds of interesting permissions and connection reliability issues. Clam is not a good intrusion detection tool so you might want to run TripWire or some similar tool that will tell you which files have been modified so you can limit your scan to those few files that require scanning. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: FW: [Clamav-users] clamscan sped
Arthur Sherman wrote: Hi Jim, What AV would you suggest for SAMBA? Sorry, I have no suggestions as I have never tried to do this. We have symantec AV on all our windows workstations and I use only clamav on our mail server. Im sure others will have many suggestions. -Jim Best, -- Arthur Sherman +972-52-4878851 CPTeam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Maul Sent: Monday, November 27, 2006 3:18 PM To: ClamAV users ML Subject: Re: [Clamav-users] clamscan sped Erez Epstein wrote: well, i'm not sure if thats the right solution, as smart virus or old file with new virus definiton will not be found. also i know all other virus scanners do scan all files. Then perhaps you should be using other virus scanners. Use the tool that best fits the job. If you find that clamav takes a long time to scan a large drive, that may be because this was not the primary purpose of the product. Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). While im sure the number of uses for clamav is growing all the time, if you try to use a product for a task that it was not designed for and it does that task poorly, why continue to try to make it work? Find a product that works for you in this particular situation and use that instead. -Jim On 11/26/06, Dennis Peterson [EMAIL PROTECTED] wrote: Erez Epstein wrote: and how can i shorten it while still scaning all files every night. Don't scan all of them every night. There is no need to scan a file that has not been modified since the last scan. There is probably no need to scan your logs, /var, /usr, /opt, /proc, /dev, /bin, /sbin, or /devices (or any root owned directory) unless you think you have been hacked and had your root account compromised. You probably don't want to scan NFS mounts or Samba mounts as it is rather expensive in terms of network traffic and speed, and introduces all kinds of interesting permissions and connection reliability issues. Clam is not a good intrusion detection tool so you might want to run TripWire or some similar tool that will tell you which files have been modified so you can limit your scan to those few files that require scanning. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] UPX packed executables
Hi, I've had several variants of the Stration worm creep through recently. Some of these are UPX encoded. I'm not aware of any legitimate reason why I need to allow any UPX packed binary in via e-mail, so is there a way of blocking any such file? Cheers, John ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamd exit error code 71
Hey, We are running into a strange error with clamd. On our logs we see the following: @4000456b14c61e546d5c simscan: calling clamdscan @4000456b14c61e547914 simscan: fatal error executing clamdscan @4000456b14c61e5484cc simscan: exit error code: 71 We've google'd this extensivley and the only information we can find is that it's related to permissions. This is not the case for us, since we are sure the permissions have not changed and are correct upon rechecking them. Has anyone else ran into this issue? Thanks. -Javier Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamd exit error code 71
First make sure that the binary is still in the place that simscan is looking for it. Second make sure that simscan is in the clamav group (assuming you aren't running as root.) Steve [EMAIL PROTECTED] wrote: Hey, We are running into a strange error with clamd. On our logs we see the following: @4000456b14c61e546d5c simscan: calling clamdscan @4000456b14c61e547914 simscan: fatal error executing clamdscan @4000456b14c61e5484cc simscan: exit error code: 71 We've google'd this extensivley and the only information we can find is that it's related to permissions. This is not the case for us, since we are sure the permissions have not changed and are correct upon rechecking them. Has anyone else ran into this issue? Thanks. -Javier Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav as postfix check_policy_service, not content_filter
My quick review of the archive/google did not turn up any implementation notes for using clamav as a policy rather than content filter. I already have amavisd-new/clamd working, but would like to move the virus scan from post acceptance to pre acceptance. By making this chance, the sender's MTA will handle notification (if it would have any value). Post acceptance notification is just making a new nuisance and negative value. I do understand that pre acceptance processing raises the performance bar. I believe I can budget the resources required, and I am willing to revert if needed. Does anyone have clamav implemented as a policy service in postfix? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav as postfix check_policy_service, not content_filter
At 01:55 PM 11/27/2006, Christopher Cleveland wrote: My quick review of the archive/google did not turn up any implementation notes for using clamav as a policy rather than content filter. I already have amavisd-new/clamd working, but would like to move the virus scan from post acceptance to pre acceptance. By making this chance, the sender's MTA will handle notification (if it would have any value). Post acceptance notification is just making a new nuisance and negative value. I do understand that pre acceptance processing raises the performance bar. I believe I can budget the resources required, and I am willing to revert if needed. Does anyone have clamav implemented as a policy service in postfix? You're using the wrong term here. A postfix policy service only gets envelope information such as client, MAIL FROM, RCPT TO, and other stuff, but does not get the data. So it should be obvious you can't do virus scanning with a policy service. To scan data before accepting the message you need to use a smtpd_proxy_filter or a milter (with postfix 2.3). clamsmtp is a commonly used pre-queue smtpd_proxy_filter that works well. Good instructions are on their web site. http://memberwebs.com/nielsen/software/clamsmtp/ http://www.postfix.org/SMTPD_PROXY_README.html -- Noel Jones ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamscan sped
Erez Epstein wrote: First of all I'd like to mirror the sentiment that ClamAV obviously isn't designed as a general purpose scanner. If that's your primary usage it may be advisable to find something more in line with your goals. That said, ClamAV does a smashing job when it's in its element. I use it and procmail to examine my own email here at home, and can only flag messages for later filtering by my client software because ClamAV hits on some of the exploit discussions on lists like Full Disclosure. If that's not a thorough job, nothing is. Kudos to the ClamAV team! ;) well, i'm not sure if thats the right solution, as smart virus or old file with new virus definiton will not be found. Virus definitions are typically additive. Old viruses will be detected unless software developers decide a particular virus is no longer a threat, or drop support for some platform entirely. ClamAV still detects Tequila, for example. also i know all other virus scanners do scan all files. I don't believe this to be true either. I know at least one mainstream scanner defaults to selective or smart scanning while doing scheduled scans, and another that's addaptive in that it assumes certain groups of files are clean if the first few are found to be clean. It also starts scanning every single file if it happens to run across an infection, FWIW. Either one can be commanded to look at every file, but I believe in the second case it *still* ignores certain types of files. In general I'd bet most virus scanners only examine every file if forced to, and even then only do it reluctantly. It may be advisable at certain times, like when addressing email attachments or on-access scanning, but otherwise it's largely a waste of time. AV software authors and users should realise this and limit scheduled, nightly scans to only those files that deserve it. If they aren't already... On 11/26/06, Dennis Peterson [EMAIL PROTECTED] wrote: Erez Epstein wrote: and how can i shorten it while still scaning all files every night. Don't scan all of them every night. There is no need to scan a file that has not been modified since the last scan. There is probably no need to scan your logs, /var, /usr, /opt, /proc, /dev, /bin, /sbin, or /devices (or any root owned directory) unless you think you have been hacked and had your root account compromised. You probably don't want to scan NFS mounts or Samba mounts as it is rather expensive in terms of network traffic and speed, and introduces all kinds of interesting permissions and connection reliability issues. Clam is not a good intrusion detection tool so you might want to run TripWire or some similar tool that will tell you which files have been modified so you can limit your scan to those few files that require scanning. dp -- Hand crafted on 27 November, 2006 at 14:40:45 EST using only the finest domestic and imported ASCII. Outside of a dog, a book is a man's best friend. Inside of a dog, it's too dark to read. -- Groucho Marx signature.asc Description: PGP signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav as postfix check_policy_service, not content_filter
* Christopher Cleveland [EMAIL PROTECTED]: My quick review of the archive/google did not turn up any implementation notes for using clamav as a policy rather than content filter. A policy server never gets to see the CONTENT of a mail, but merely meta information (sender, recipient, client, etc). Thus, clamav cannot work as a policy server, since the virus is in the mail... Do you by chance mean an smtpd_proxy_filter? -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED] ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Compiling Clamav-0.9RC2 on Solaris Intel
Apologies if this is the wrong list. Although I'm a long-time Clamav user, I haven't needed any support for years. I have just tried to configure, make and install Clamav-0.9RC2 on a Dell PC running Solaris 10. I have previously done the same with various 0.8 versions and 0.9RC1 without any problem. This time there were a couple of funnies, although I do seem to have ended up with working executables. I ran a basic ./configure --with-user=myuser --with-group=mygroup. The configure script complains checking for curl = 7.10.0... syntax error on line 1, teletype 7.14.0, but it does in fact find libcurl and compile it in, so I assume this is not serious. I notice that this error has cropped up in earlier versions, but didn't see a fix. Make runs without error, but make install (run as root) fails, complaining that main.cvd and daily.cvd are not in /usr/local/share/clamav: make[1]: Entering directory `/mydir/clamav-0.90rc2/database' /bin/bash ../mkinstalldirs /usr/local/share/clamav chmod: WARNING: can't access /usr/local/share/clamav/main.cvd chown: /usr/local/share/clamav/main.cvd: No such file or directory chgrp: /usr/local/share/clamav/main.cvd: No such file or directory chmod: WARNING: can't access /usr/local/share/clamav/daily.cvd chown: /usr/local/share/clamav/daily.cvd: No such file or directory chgrp: /usr/local/share/clamav/daily.cvd: No such file or directory make[1]: *** [install] Error 1 Do I need to worry about any of this? Jon ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Compiling Clamav-0.9RC2 on Solaris Intel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Armitage wrote: Apologies if this is the wrong list. Although I'm a long-time Clamav user, I haven't needed any support for years. Right list. I have just tried to configure, make and install Clamav-0.9RC2 on a Dell PC running Solaris 10. I have previously done the same with various 0.8 versions and 0.9RC1 without any problem. This time there were a couple of funnies, although I do seem to have ended up with working executables. I ran a basic ./configure --with-user=myuser --with-group=mygroup. The configure script complains checking for curl = 7.10.0... syntax error on line 1, teletype 7.14.0, but it does in fact find libcurl and compile it in, so I assume this is not serious. I notice that this error has cropped up in earlier versions, but didn't see a fix. I never compile it with curl (not needed for scanning email and never following links) so I don't know if this is a known error. Make runs without error, but make install (run as root) fails, complaining that main.cvd and daily.cvd are not in /usr/local/share/clamav: make[1]: Entering directory `/mydir/clamav-0.90rc2/database' /bin/bash ../mkinstalldirs /usr/local/share/clamav chmod: WARNING: can't access /usr/local/share/clamav/main.cvd chown: /usr/local/share/clamav/main.cvd: No such file or directory chgrp: /usr/local/share/clamav/main.cvd: No such file or directory chmod: WARNING: can't access /usr/local/share/clamav/daily.cvd chown: /usr/local/share/clamav/daily.cvd: No such file or directory chgrp: /usr/local/share/clamav/daily.cvd: No such file or directory make[1]: *** [install] Error 1 Do I need to worry about any of this? The message really means that the directory does not exist, so yes you should worry since nothing is going to work (i.e. the programs will not create the directory) until you create it yourself... or if you already had clamav installed then you should specify the database location in both configuration files (clamd.conf and freshclam.conf) since you chose not to use the configuration parameter for building. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFa15RL3NNweKTRgwRAgq/AKCohc1OFFonb8vnm1hAmbWGTBxEzgCgqKVE EIoFajF36XloCq9LZuQPWE8= =yIXh -END PGP SIGNATURE- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav as postfix check_policy_service,
I do understand that pre acceptance processing raises the performance bar. I believe I can budget the resources required, and I am willing to revert if needed. Does anyone have clamav implemented as a policy service in postfix? The only way I know to get what you want is with the Clam milter from Snertsoft. It requires Postfix 2.3 with milter support. I've not tried this with Postfix but the Snertsoft milters work very well in Sendmail. If Weitze has implemented milters nearly as well as Sendmail then you won't be disappointed. http://www.snertsoft.com/sendmail/milter-clamc/ I do all filtering pre-acceptance but I process only about a million messages per week. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Compiling Clamav-0.9RC2 on Solaris Intel
On Mon, 27 Nov 2006, Jonathan Armitage wrote: I have just tried to configure, make and install Clamav-0.9RC2 on a Dell PC running Solaris 10. I have previously done the same with various 0.8 versions I don't know if this is your issue, but if you have bash installed, try editing the first line of configure to use bash instead of sh. Sun now ships a bash in /bin/bash , I compiled my own and used that #!/usr/local/bin/bash == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] How to run clamscan for a list of files from a file?
I have a list of files that I have written to a file and I would like clamscan to read the list from that file and scan only the files in the list. Is there a good way to do this? I have tried cat filelist | xargs clamscan This works, except that xarg can only pass about 200 filenames to clamscan at a time. So for a filelist containing 1000 filenames clamscan will be started 5 times, creating extra overhead. What I am actually trying to do is have clamscan only scan files that are new or have not changed since the last scan. I have gotten as far as creating a filelist containing a list of files that are new or where the md5sum has changed. The problem I have now is how to get that information to clamscan efficiently. -- Chris ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] How to run clamscan for a list of files from a file?
What I am actually trying to do is have clamscan only scan files that are new or have not changed since the last scan. I have gotten as far as creating a filelist containing a list of files that are new or where the md5sum has changed. The problem I have now is how to get that information to clamscan efficiently. Try: - Create a directory in /tmp. In that directory create soft links that reference your files. Run clamscan on the links. Check the logs for viruses. Delete the links. Delete the directory. or: - In a script use --include=PATT for each file you wish to scan. Haven't tried this one for a lot of files. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] ClamAV 0.90 Compilation on BSDI
Dear Sir , I tried to do ClamAV 0.90 Compilation on BSDI 3.1. But I could not do make. It indicated error messages. I used gcc version 2.7.2.1. pather# make make all-recursive Making all in libclamav source='matcher-ac.c' object='matcher-ac.lo' libtool=yes DEPDIR=.deps depmode=g cc /usr/contrib/bin/ksh ../depcomp /usr/contrib/bin/ksh ../libtool --mode=compi le gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./mspack -I./unrar -g -O2 -c -o matcher-ac.lo matcher-ac.c gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./mspack -I./unrar -g -O2 -c matcher-ac. c -Wp,-MD,.deps/matcher-ac.TPlo -o matcher-ac.o In file included from others.h:25, from matcher-ac.c:37: cltypes.h:36: redefinition of `int8_t' /usr/include/machine/types.h:48: `int8_t' previously declared here cltypes.h:41: redefinition of `int16_t' /usr/include/machine/types.h:50: `int16_t' previously declared here cltypes.h:48: redefinition of `int32_t' /usr/include/machine/types.h:52: `int32_t' previously declared here cltypes.h:59: redefinition of `int64_t' /usr/include/machine/types.h:56: `int64_t' previously declared here *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. Please let me know how to make. Best Regards. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV 0.90 Compilation on BSDI
On Tue, Nov 28, 2006 at 09:22:08AM +0900, H.Yagi said: Dear Sir , I tried to do ClamAV 0.90 Compilation on BSDI 3.1. But I could not do make. It indicated error messages. I used gcc version 2.7.2.1. pather# make make all-recursive Making all in libclamav source='matcher-ac.c' object='matcher-ac.lo' libtool=yes DEPDIR=.deps depmode=g cc /usr/contrib/bin/ksh ../depcomp /usr/contrib/bin/ksh ../libtool --mode=compi le gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./mspack -I./unrar -g -O2 -c -o matcher-ac.lo matcher-ac.c gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./mspack -I./unrar -g -O2 -c matcher-ac. c -Wp,-MD,.deps/matcher-ac.TPlo -o matcher-ac.o In file included from others.h:25, from matcher-ac.c:37: cltypes.h:36: redefinition of `int8_t' /usr/include/machine/types.h:48: `int8_t' previously declared here cltypes.h:41: redefinition of `int16_t' /usr/include/machine/types.h:50: `int16_t' previously declared here cltypes.h:48: redefinition of `int32_t' /usr/include/machine/types.h:52: `int32_t' previously declared here cltypes.h:59: redefinition of `int64_t' /usr/include/machine/types.h:56: `int64_t' previously declared here *** Error code 1 Stop. *** Error code 1 Stop. *** Error code 1 Stop. Please let me know how to make. Add machine/types.h to the list of files in the AC_CHECK_HEADERS macro in configure.in. Then add #elif defined HAVE_MACHINE_INT_TYPES_H /* BSDI 3.1 */ #include machine/types.h At about line 31 of libclamav/cltypes.h. You'll have to rerun autoconf and so on. If it works, let us know and send a patch. I don't have access to one of those machines to take a look at the header, but I do see that the unsigned variants may not be typedef'ed, so it may need a more invasive fix. Good luck, -- -- | Stephen Gran | The road to hell is paved with melting | | [EMAIL PROTECTED] | snowballs. -- Larry Wall | | http://www.lobefin.net/~steve | in [EMAIL PROTECTED] | -- signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: clamd exit error code 71
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 javierohc wrote: We are running into a strange error with clamd. On our logs we see the following: @4000456b14c61e546d5c simscan: calling clamdscan @4000456b14c61e547914 simscan: fatal error executing clamdscan @4000456b14c61e5484cc simscan: exit error code: 71 We've google'd this extensivley and the only information we can find is that it's related to permissions. Permissions?? From `man clamscan`: RETURN CODES ... 71: Can't allocate memory (malloc). This is not the case for us, since we are sure the permissions have not changed and are correct upon rechecking them. Has anyone else ran into this issue? Thanks. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFa4noL3NNweKTRgwRArFSAJ9M13j38u2LvWRKJSZGV0XE8j43kACeLZdT k0dO5rgBNYUjuMyneNcLrnE= =3lcw -END PGP SIGNATURE- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html