Re: [Clamav-users] need help

2007-07-10 Thread Ralf Hildebrandt
* Dennis Peterson [EMAIL PROTECTED]:

  and thus it's subject to the same limitations (e.g. amavisd-new must
  have the right to access the clamd socket). This is the number one problem
  of the amavisd-new / clamd combo.
  
 
 Why can't you just configure clamd to run as the amavisd user?

Of course you can do that. But you do have to configure something
somewhere -- either clamd OR amavisd-new.

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to [EMAIL PROTECTED]
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clam-milter and freshclam headache, help

2007-07-10 Thread Arthur Sherman
 Some ideas about it? Is there a way to configure Sendmail 
 without clam-milter?

Sure.
Just comment the lines in sendmail.mc regarding clamav-milter and re-make
the .cf

BTW, I think you may need to adjust update servers in config file to resolve
the problem.


Best,

--
Arthur Sherman
052-4878851



[Clamav-users] Trying to get ClamAV/Amavis running on Debian. I have R the FM.

2007-07-10 Thread Thomas Spuhler
On Tue, 2007-07-10 at 10:15 -0600, Morgan Smith wrote:
 [EMAIL PROTECTED] wrote:
  /etc/amavis/amavis.conf calls for clamAV via:
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
  My config differs from yours right here. I have
  this pointing to the clamd socket as defined by LocalSocket in my
  clamd.conf. Double check to make sure that this value in your
  amavis.conf and the LocalSocket in your clamd.conf are the same.
 
  It sounds like you configured everything to use the amavis user. It may
  be worth checking the ownership of that directory and file to make sure
  that it's consistent with what everything expects them to be.
  
  Thanks for the quick reply!
  
  Yep, they're referencing the same socket file (clamd.ctl is the socket
  file). As shown here:
  
  #grep clamd.ctl /etc/clamav/clamd.conf /etc/amavis/amavisd.conf
  /etc/clamav/clamd.conf:LocalSocket /var/run/clamav/clamd.ctl
  /etc/amavis/amavisd.conf:\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
 
 I once ended up with multiple config files in different places. Is it
 possible that either clam or amavis are using a config file in another
 location (/etc/clamd.conf or /etc/amavisd.conf)? Maybe after editing the
 config files the programs were not restarted and so the changes haven't
 taken effect?
 
 I'm just curious, can you manually use clamdscan successfully? If so,
 then it would seem that it's more an amavis issue than clam. At that
 point their mailing list may be more helpful. You might try to increase
 the $log_level in amavis to provide more information. I would think that
 2 would be sufficient.
The trick in my case, a MDV distro, was to change the clamd user to
amavis in /etc/clamd.conf and clamd is now used happily by amavis. This
may not be the very correct way but it works and so far nothing else
seems to be broken.
The time for scanning e-mail is now a small fraction of what it was before.
Thomas
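
The cross-check discussed in this thread (same socket path in clamd.conf and in the amavisd config, and which account clamd runs as), as an added shell example that is not part of the original posts. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check the clamd socket that amavisd-new will use.

# Print the LocalSocket path from a clamd.conf (comment lines are skipped
# because their first field starts with "#" and never equals the keyword).
clamd_socket() { awk '$1 == "LocalSocket" { print $2; exit }' "$1"; }

# Print the account clamd runs as (the "User" directive).
clamd_user() { awk '$1 == "User" { print $2; exit }' "$1"; }

# Print the socket path from the ask_daemon/CONTSCAN entry of an amavisd config.
amavis_socket() {
    sed -n 's/^[^#]*ask_daemon.*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Compare both files. Returns 0 when both name the same socket, 1 otherwise.
check_socket_config() {
    c=$(clamd_socket "$1"); a=$(amavis_socket "$2")
    if [ -z "$c" ] || [ -z "$a" ]; then
        echo "MISSING: clamd='$c' amavis='$a'"; return 1
    fi
    if [ "$c" != "$a" ]; then
        echo "MISMATCH: clamd listens on $c, amavis connects to $a"; return 1
    fi
    echo "OK: both use $c (clamd runs as $(clamd_user "$1"))"
    # On a live host the socket exists: show owner, group and mode.
    if [ -S "$c" ]; then ls -l "$c"; fi
    return 0
}

# Constructed sample files (not copied from any poster's host).
demo_dir=$(mktemp -d)
printf '%s\n' '# LocalSocket /tmp/old' \
    'LocalSocket /var/run/clamav/clamd.ctl' 'User clamav' > "$demo_dir/clamd.conf"
cat > "$demo_dir/amavisd.conf" <<'EOF'
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
EOF
check_socket_config "$demo_dir/clamd.conf" "$demo_dir/amavisd.conf"
```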



[Clamav-users] Downloading updates from AV server

2007-07-10 Thread Chris Arnold
Today, we are getting this error when 1 of our systems tries to download the 
updates from our internal AV server:
ClamAV update process started at Tue Jul 10 14:23:02 2007
main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
ERROR: Can't get information about host.domain.com/AV: Host not found
ERROR: getpatch: Can't download daily-3624.cdiff from web.electrichendrix.com/AV
ERROR: Can't get information about host.domain.com/AV: Host not found
ERROR: getpatch: Can't download daily-3624.cdiff from web.electrichendrix.com/AV
ERROR: Can't get information about host.domain.com/AV: Host not found
ERROR: getpatch: Can't download daily-3624.cdiff from web.electrichendrix.com/AV
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't get information about host.domain.com/AV: Host not found
ERROR: Can't download daily.cvd from web.electrichendrix.com/AV
Trying again in 5 secs...

This used to work. I am able to access the server with no problems, just not the
updates.

Chris




Re: [Clamav-users] Trying to get ClamAV/Amavis running on Debian. I have R the FM.

2007-07-10 Thread mahoneyf
 The trick in my case, a MDV distro, was to change the clamd user to
 amavis in /etc/clamd.conf and clamd is now used happily by amavis. This
 may not be the very correct way but it works and so far nothing else
 seems to be broken.
 The time for scanning e-mail is now a small fraction of what it was before.
 Thomas

Yeah, that's one of the first things I did, but still no joy.

I'm thinking it's likely an amavis issue rather than a clamav issue, so
I've posted the same info to the amavis mailing list.

I'm sure I'm just overlooking something simple, but I've spent a couple
days now trying to find it.



[Clamav-users] scanPDF Usage

2007-07-10 Thread Michael McCandless
I am using Clamav (0.90.3), compiled from source, on Fedora Core 7.  I have
checked documentation, wiki, and mailing list archives.

My clamd.conf file includes the following:

# This option enables scanning within PDF files.
# Default: no
ScanPDF yes

When I look at my clamd log file I see:
PDF support disabled.

I was expecting to see PDF support enabled.  I am getting lots of spam
emails with PDF attachments, that's why I'm trying to get this option
working.


-
Michael McCandless
[EMAIL PROTECTED]




Re: [Clamav-users] scanPDF Usage

2007-07-10 Thread Lyle Giese
When you compiled clamav, did you enable-experimental?

Lyle

Michael McCandless wrote:
 I am using Clamav (0.90.3), compiled from source, on Fedora Core 7.  I have
 checked documentation, wiki, and mailing list archives.

 My clamd.conf file includes the following:

 # This option enables scanning within PDF files.
 # Default: no
 ScanPDF yes

 When I look at my clamd log file I see:
 PDF support disabled.

 I was expecting to see PDF support enabled.  I am getting lots of spam
 emails with PDF attachments, that's why I'm trying to get this option
 working.


 -
 Michael McCandless
 [EMAIL PROTECTED]




Re: [Clamav-users] scanPDF Usage

2007-07-10 Thread Michael McCandless
No, I did not enable-experimental when I compiled.

-Original Message-
From: Lyle Giese [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 9:42 PM
To: ClamAV users ML
Cc: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] scanPDF Usage


When you compiled clamav, did you enable-experimental?

Lyle

Michael McCandless wrote:
 I am using Clamav (0.90.3), compiled from source, on Fedora Core 7.  I have
 checked documentation, wiki, and mailing list archives.

 My clamd.conf file includes the following:

 # This option enables scanning within PDF files.
 # Default: no
 ScanPDF yes

 When I look at my clamd log file I see:
 PDF support disabled.

 I was expecting to see PDF support enabled.  I am getting lots of spam
 emails with PDF attachments, that's why I'm trying to get this option
 working.


 -
 Michael McCandless
 [EMAIL PROTECTED]




Re: [Clamav-users] scanPDF Usage

2007-07-10 Thread Lyle Giese
I had trouble finding a definition for what enable-experimental does and
tried to ask here, but it's recommended and it allows PDF support to be
enabled now.

I also use the MSRBL sigs and Sane-Security phishing and spam sigs. I
see the Sane sigs catching most of the PDF spam.

Lyle

Michael McCandless wrote:
 No, I did not enable-experimental when I compiled.

 -Original Message-
 From: Lyle Giese [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, July 10, 2007 9:42 PM
 To: ClamAV users ML
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Clamav-users] scanPDF Usage


 When you compiled clamav, did you enable-experimental?

 Lyle

 Michael McCandless wrote:
   
 I am using Clamav (0.90.3), compiled from source, on Fedora Core 7.  I have
 checked documentation, wiki, and mailing list archives.

 My clamd.conf file includes the following:

 # This option enables scanning within PDF files.
 # Default: no
 ScanPDF yes

 When I look at my clamd log file I see:
 PDF support disabled.

 I was expecting to see PDF support enabled.  I am getting lots of spam
 emails with PDF attachments, that's why I'm trying to get this option
 working.


 -
 Michael McCandless
 [EMAIL PROTECTED]




Re: [Clamav-users] scanPDF Usage

2007-07-10 Thread MrC


Lyle Giese wrote:
 I had trouble finding a definition for what enable-experimental does and
 tried to ask here, but it's recommended and it allows PDF support to be
 enabled now.

The source code shows that ScanPDF is not limited by CL_EXPERIMENTAL:

     if(cfgopt(copt, "ScanPDF")->enabled) {
         logg("PDF support enabled.\n");
         options |= CL_SCAN_PDF;
     } else {
         logg("PDF support disabled.\n");
     }

     if(cfgopt(copt, "ScanHTML")->enabled) {
         logg("HTML support enabled.\n");
         options |= CL_SCAN_HTML;
     } else {
         logg("HTML support disabled.\n");
     }

#ifdef CL_EXPERIMENTAL
     if(cfgopt(copt,"PhishingScanURLs")->enabled) {
...
#endif /* CL_EXPERIMENTAL */


Nor is it for clamscan:

#ifdef CL_EXPERIMENTAL
     mprintf("    --no-phishing-scan-urls              Disable url-based phishing detection\n");
     mprintf("    --no-phishing-restrictedscan         Enable phishing detection for all domains (might lead to false positives!)\n");
     mprintf("    --phishing-ssl                       Always block SSL mismatches in URLs (phishing module)\n");
     mprintf("    --phishing-cloak                     Always block cloaked URLs (phishing module)\n");
#endif
     mprintf("    --no-algorithmic                     Disable algorithmic detection\n");
     mprintf("    --no-pe                              Disable PE analysis\n");
     mprintf("    --no-elf                             Disable ELF support\n");
     mprintf("    --no-ole2                            Disable OLE2 support\n");
     mprintf("    --no-pdf                             Disable PDF support\n");

MrC

 
 I also use the MSRBL sigs and Sane-Security phishing and spam sigs. I
 see the Sane sigs catching most of the PDF spam.
 
 Lyle
 
 Michael McCandless wrote:
 No, I did not enable-experimental when I compiled.

 -Original Message-
 Sent: Tuesday, July 10, 2007 9:42 PM
 To: ClamAV users ML
 Subject: Re: [Clamav-users] scanPDF Usage


 When you compiled clamav, did you enable-experimental?

 Lyle

 Michael McCandless wrote:
   
 I am using Clamav (0.90.3), compiled from source, on Fedora Core 7.  I have
 checked documentation, wiki, and mailing list archives.

 My clamd.conf file includes the following:

 # This option enables scanning within PDF files.
 # Default: no
 ScanPDF yes

 When I look at my clamd log file I see:
 PDF support disabled.

 I was expecting to see PDF support enabled.  I am getting lots of spam
 emails with PDF attachments, that's why I'm trying to get this option
 working.


 -
 Michael McCandless
 [EMAIL PROTECTED]


Re: [Clamav-users] scanPDF Usage

2007-07-10 Thread Noel Jones
At 07:55 PM 7/10/2007, Michael McCandless wrote:
> I am using Clamav (0.90.3), compiled from source, on Fedora Core 7.  I have
> checked documentation, wiki, and mailing list archives.
>
> My clamd.conf file includes the following:
>
> # This option enables scanning within PDF files.
> # Default: no
> ScanPDF yes
>
> When I look at my clamd log file I see:
> PDF support disabled.
>
> I was expecting to see PDF support enabled.  I am getting lots of spam
> emails with PDF attachments, that's why I'm trying to get this option
> working.

I can't answer why you get PDF support disabled, but I will tell 
you that enabling this will have no effect on your pdf spam.  (Sure 
you're editing the right clamd.conf? what's clamconf say?)

The SaneSecurity add-on signatures do a pretty good job of catching
these pdf spams, and do not depend on clamav PDF support.

http://sanesecurity.co.uk/clamav/usage.htm
the pdf sigs are in the scam database

I'm a huge fan of the SaneSecurity signatures and highly recommend
them to anyone who wants to expand clamav's anti-phish & anti-scam
capabilities.

-- 
Noel Jones 
