Re: [Clamav-users] need help
* Dennis Peterson [EMAIL PROTECTED]:

and thus it's subject to the same limitations (e.g. amavisd-new must have right to access the clamd socket). This is the number one problem of the amavisd-new / clamd combo.

Why can't you just configure clamd to run as the amavisd user?

Of course you can do that. But you do have to configure something somewhere -- either clamd OR amavisd-new.

--
Ralf Hildebrandt (i.A. des IT-Zentrums)         [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin            Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF                         send no mail to [EMAIL PROTECTED]

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clam-milter and freshclam headache, help
Some ideas about it? Is there a way to configure Sendmail without clam-milter?

Sure. Just comment the lines in sendmail.mc regarding clamav-milter and re-make the .cf

BTW, I think you may need to adjust update servers in config file to resolve the problem.

Best,
--
Arthur Sherman
052-4878851
[Clamav-users] Trying to get ClamAV/Amavis running on Debian. I have R the FM.
On Tue, 2007-07-10 at 10:15 -0600, Morgan Smith wrote:

[EMAIL PROTECTED] wrote:

/etc/amavis/amavis.conf calls for clamAV via:

    ['Clam Antivirus-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],

My config differs from yours right here. I have this pointing to the clamd socket as defined by LocalSocket in my clamd.conf. Double check to make sure that this value in your amavis.conf and the LocalSocket in your clamd.conf are the same. It sounds like you configured everything to use the amavis user. It may be worth checking the ownership of that directory and file to make sure that it's consistent with what everything expects them to be.

Thanks for the quick reply! Yep, they're referencing the same socket file (clamd.ctl is the socket file). As shown here:

    # grep clamd.ctl /etc/clamav/clamd.conf /etc/amavis/amavisd.conf
    /etc/clamav/clamd.conf:LocalSocket /var/run/clamav/clamd.ctl
    /etc/amavis/amavisd.conf:\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],

I once ended up with multiple config files in different places. Is it possible that either clam or amavis are using a config file in another location (/etc/clamd.conf or /etc/amavisd.conf)? Maybe after editing the config files the programs were not restarted and so the changes haven't taken effect?

I'm just curious, can you manually use clamdscan successfully? If so, then it would seem that it's more an amavis issue than clam. At that point their mailing list may be more helpful. You might try to increase the $log_level in amavis to provide more information. I would think that 2 would be sufficient.

The trick in my case, a MDV distro, was to change the clamd user to amavis in /etc/clamd.conf and clamd is now used happily by amavis. This may not be the very correct way but it works and so far nothing else seems to be broken. The time for scanning e-mail is now a small fraction of what it used to be.

Thomas
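The checks discussed in this thread, as an added example that is not part of any poster's message: it compares the LocalSocket in clamd.conf with the socket on the ask_daemon line of amavisd.conf, reports the clamd User, and lists who owns the socket and its directory. The function names are hypothetical and the sample configs in demo() are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# LocalSocket path from a clamd.conf; if set twice, the last one is reported.
clamd_socket() {
    awk '$1 == "LocalSocket" { s = $2 } END { if (s != "") print s }' "$1"
}

# User that clamd runs as, from the same file (empty if unset).
clamd_user() {
    awk '$1 == "User" { u = $2 } END { if (u != "") print u }' "$1"
}

# Socket path on the first uncommented ask_daemon/CONTSCAN line of amavisd.conf.
amavis_socket() {
    grep -v '^[[:space:]]*#' "$1" | grep 'ask_daemon' |
        sed -n "s|.*CONTSCAN[^/]*\(/[^]\"' ,]*\).*|\1|p" | head -n 1
}

# Return 0 when both files name the same socket, 1 on mismatch, 2 if unset.
check_socket_config() {
    c=$(clamd_socket "$1")
    a=$(amavis_socket "$2")
    if [ -z "$c" ] || [ -z "$a" ]; then
        echo "UNSET: clamd='$c' amavisd='$a'"; return 2
    fi
    if [ "$c" != "$a" ]; then
        echo "MISMATCH: clamd listens on $c, amavisd connects to $a"; return 1
    fi
    echo "OK: both use $c; clamd User is '$(clamd_user "$1")'"
}

# Show who may reach the socket: owner, group and mode of it and its directory.
socket_access() {
    [ -S "$1" ] || { echo "NOT A SOCKET: $1"; return 3; }
    ls -ld "$(dirname "$1")" "$1"
}

# Constructed sample input so the checks run without a live installation.
demo() {
    d=$(mktemp -d) || return 1
    printf 'User amavis\nLocalSocket /var/run/clamav/clamd.ctl\n' > "$d/clamd.conf"
    printf '%s\n' "['Clam Antivirus-clamd'," \
        ' \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],' > "$d/amavisd.conf"
    check_socket_config "$d/clamd.conf" "$d/amavisd.conf"; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

On a real host, pass the config files the running daemons actually load, then run socket_access on the reported path to see whether the amavis user falls under the owner, group or other permission bits.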
[Clamav-users] Downloading updates from AV server
Today, we are getting this error when 1 of our systems tries to download the updates from our internal AV server:

    ClamAV update process started at Tue Jul 10 14:23:02 2007
    main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
    ERROR: Can't get information about host.domain.com/AV: Host not found
    ERROR: getpatch: Can't download daily-3624.cdiff from web.electrichendrix.com/AV
    ERROR: Can't get information about host.domain.com/AV: Host not found
    ERROR: getpatch: Can't download daily-3624.cdiff from web.electrichendrix.com/AV
    ERROR: Can't get information about host.domain.com/AV: Host not found
    ERROR: getpatch: Can't download daily-3624.cdiff from web.electrichendrix.com/AV
    WARNING: Incremental update failed, trying to download daily.cvd
    ERROR: Can't get information about host.domain.com/AV: Host not found
    ERROR: Can't download daily.cvd from web.electrichendrix.com/AV
    Trying again in 5 secs...

This used to work. I am able to access the server with no problems, just not the updates.

Chris
Re: [Clamav-users] Trying to get ClamAV/Amavis running on Debian. I have R the FM.
The trick in my case, a MDV distro, was to change the clamd user to amavis in /etc/clamd.conf and clamd is now used happily by amavis. This may not be the very correct way but it works and so far nothing else seems to be broken. The time for scanning e-mail is now a small fraction of what it used to be.

Thomas

Yeah, that's one of the first things I did, but still no joy. I'm thinking it's likely an amavis issue rather than a clamav issue, so I've posted the same info to the amavis mailing list. I'm sure I'm just overlooking something simple, but I've spent a couple days now trying to find it.
[Clamav-users] scanPDF Usage
I am using Clamav (0.90.3), compiled from source, on Fedora Core 7. I have checked documentation, wiki, and mailing list archives.

My clamd.conf file includes the following:

    # This option enables scanning within PDF files.
    # Default: no
    ScanPDF yes

When I look at my clamd log file I see:

    PDF support disabled.

I was expecting to see PDF support enabled. I am getting lots of spam emails with PDF attachments, that's why I'm trying to get this option working.

- Michael McCandless [EMAIL PROTECTED]
Re: [Clamav-users] scanPDF Usage
When you compiled clamav, did you enable-experimental?

Lyle

Michael McCandless wrote:

I am using Clamav (0.90.3), compiled from source, on Fedora Core 7. I have checked documentation, wiki, and mailing list archives.

My clamd.conf file includes the following:

    # This option enables scanning within PDF files.
    # Default: no
    ScanPDF yes

When I look at my clamd log file I see:

    PDF support disabled.

I was expecting to see PDF support enabled. I am getting lots of spam emails with PDF attachments, that's why I'm trying to get this option working.

- Michael McCandless [EMAIL PROTECTED]
Re: [Clamav-users] scanPDF Usage
No, I did not enable-experimental when I compiled.

-----Original Message-----
From: Lyle Giese [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 9:42 PM
To: ClamAV users ML
Cc: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] scanPDF Usage

When you compiled clamav, did you enable-experimental?

Lyle

Michael McCandless wrote:

I am using Clamav (0.90.3), compiled from source, on Fedora Core 7. I have checked documentation, wiki, and mailing list archives.

My clamd.conf file includes the following:

    # This option enables scanning within PDF files.
    # Default: no
    ScanPDF yes

When I look at my clamd log file I see:

    PDF support disabled.

I was expecting to see PDF support enabled. I am getting lots of spam emails with PDF attachments, that's why I'm trying to get this option working.

- Michael McCandless [EMAIL PROTECTED]
Re: [Clamav-users] scanPDF Usage
I had trouble finding a definition for what enable-experimental does and tried to ask here, but it's recommended and it allows PDF support to be enabled now.

I also use the MSRBL sigs and Sane-Security phishing and spam sigs. I see the Sane sigs catching most of the PDF spam.

Lyle

Michael McCandless wrote:

No, I did not enable-experimental when I compiled.

-----Original Message-----
From: Lyle Giese [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 9:42 PM
To: ClamAV users ML
Cc: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] scanPDF Usage

When you compiled clamav, did you enable-experimental?

Lyle

Michael McCandless wrote:

I am using Clamav (0.90.3), compiled from source, on Fedora Core 7. I have checked documentation, wiki, and mailing list archives.

My clamd.conf file includes the following:

    # This option enables scanning within PDF files.
    # Default: no
    ScanPDF yes

When I look at my clamd log file I see:

    PDF support disabled.

I was expecting to see PDF support enabled. I am getting lots of spam emails with PDF attachments, that's why I'm trying to get this option working.

- Michael McCandless [EMAIL PROTECTED]
Re: [Clamav-users] scanPDF Usage
Lyle Giese wrote:

I had trouble finding a definition for what enable-experimental does and tried to ask here, but it's recommended and it allows PDF support to be enabled now.

The source code shows that ScanPDF is not limited by CL_EXPERIMENTAL:

    if(cfgopt(copt, "ScanPDF")->enabled) {
        logg("PDF support enabled.\n");
        options |= CL_SCAN_PDF;
    } else {
        logg("PDF support disabled.\n");
    }

    if(cfgopt(copt, "ScanHTML")->enabled) {
        logg("HTML support enabled.\n");
        options |= CL_SCAN_HTML;
    } else {
        logg("HTML support disabled.\n");
    }

    #ifdef CL_EXPERIMENTAL
    if(cfgopt(copt,"PhishingScanURLs")->enabled) {
    ...
    #endif /* CL_EXPERIMENTAL */

Nor is it for clamscan:

    #ifdef CL_EXPERIMENTAL
    mprintf("--no-phishing-scan-urls Disable url-based phishing detection\n");
    mprintf("--no-phishing-restrictedscan Enable phishing detection for all domains (might lead to false positives!)\n");
    mprintf("--phishing-ssl Always block SSL mismatches in URLs (phishing module)\n");
    mprintf("--phishing-cloak Always block cloaked URLs (phishing module)\n");
    #endif
    mprintf("--no-algorithmic Disable algorithmic detection\n");
    mprintf("--no-pe Disable PE analysis\n");
    mprintf("--no-elf Disable ELF support\n");
    mprintf("--no-ole2 Disable OLE2 support\n");
    mprintf("--no-pdf Disable PDF support\n");

MrC

I also use the MSRBL sigs and Sane-Security phishing and spam sigs. I see the Sane sigs catching most of the PDF spam.

Lyle

Michael McCandless wrote:

No, I did not enable-experimental when I compiled.

-----Original Message-----
Sent: Tuesday, July 10, 2007 9:42 PM
To: ClamAV users ML
Subject: Re: [Clamav-users] scanPDF Usage

When you compiled clamav, did you enable-experimental?

Lyle

Michael McCandless wrote:

I am using Clamav (0.90.3), compiled from source, on Fedora Core 7. I have checked documentation, wiki, and mailing list archives.

My clamd.conf file includes the following:

    # This option enables scanning within PDF files.
    # Default: no
    ScanPDF yes

When I look at my clamd log file I see:

    PDF support disabled.

I was expecting to see PDF support enabled. I am getting lots of spam emails with PDF attachments, that's why I'm trying to get this option working.

- Michael McCandless [EMAIL PROTECTED]
Re: [Clamav-users] scanPDF Usage
At 07:55 PM 7/10/2007, Michael McCandless wrote:

I am using Clamav (0.90.3), compiled from source, on Fedora Core 7. I have checked documentation, wiki, and mailing list archives.

My clamd.conf file includes the following:

    # This option enables scanning within PDF files.
    # Default: no
    ScanPDF yes

When I look at my clamd log file I see:

    PDF support disabled.

I was expecting to see PDF support enabled. I am getting lots of spam emails with PDF attachments, that's why I'm trying to get this option working.

I can't answer why you get PDF support disabled, but I will tell you that enabling this will have no effect on your pdf spam. (Sure you're editing the right clamd.conf? what's clamconf say?)

The SaneSecurity add-on signatures do a pretty good job of catching these pdf spams, and does not depend on clamav PDF support.

http://sanesecurity.co.uk/clamav/usage.htm
the pdf sigs are in the scam database

I'm a huge fan of the SaneSecurity signatures and highly recommend them to anyone who wants to expand clamav's anti-phish anti-scam capabilities.

--
Noel Jones