Re: [clamav-users] Problem with /usr/share/clamav/freshclam-sleep

[Bill Maidment]

Thanks for the follow up, but this appears to be a one-off here as well.
It's all working fine at the moment.
Happy New Year
Bill
 
-Original message-
> From:Orion Poplawski 
> Sent: Tuesday 1st January 2019 13:38
> To: ClamAV users ML ; Bill Maidment 
> 
> Subject: Re: [clamav-users] Problem with /usr/share/clamav/freshclam-sleep
> 
> On 12/30/18 7:24 PM, Bill Maidment wrote:
> > Hi
> > I have just updated clamav to 0.101.0 from EPEL and I got the following 
> > error.
> > Maybe this is a one-off. Anyone else seeing this? Or do I have a 
> > configuration issue?
> > Cheers
> > Bill
> >   
> > -Original message-
> >> From:(Cron Daemon) 
> >> Sent: Monday 31st December 2018 12:21
> >> To: Bill Maidment 
> >> Subject: Cron root@giggs2 /usr/share/clamav/freshclam-sleep
> >>
> >> *** Error in `/usr/bin/freshclam': double free or corruption (fasttop): 
> >> 0x55576db83f00 ***
> >> === Backtrace: =
> >> /lib64/libc.so.6(+0x81489)[0x7f2259390489]
> ...
> 
> We've had one other report of such a crash after updating to 0.101.0 - 
> but the user hadn't seen it since.  If you can get a backtrace with 
> debug info that might be helpful.
> 
> 
> -- 
> Orion Poplawski
> Manager of NWRA Technical Systems  720-772-5637
> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> 3380 Mitchell Lane   or...@nwra.com
> Boulder, CO 80301 https://www.nwra.com/
> 
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Problem with /usr/share/clamav/freshclam-sleep

[Bill Maidment]

Hi
I have just updated clamav to 0.101.0 from EPEL and I got the following error.
Maybe this is a one-off. Anyone else seeing this? Or do I have a configuration 
issue?
Cheers
Bill
 
-Original message-
> From:(Cron Daemon) 
> Sent: Monday 31st December 2018 12:21
> To: Bill Maidment 
> Subject: Cron root@giggs2 /usr/share/clamav/freshclam-sleep
> 
> *** Error in `/usr/bin/freshclam': double free or corruption (fasttop): 
> 0x55576db83f00 ***
> === Backtrace: =
> /lib64/libc.so.6(+0x81489)[0x7f2259390489]
> /lib64/libc.so.6(+0x838c8)[0x7f22593928c8]
> /lib64/libc.so.6(realloc+0x1d2)[0x7f2259394832]
> /usr/bin/freshclam(+0x1ab90)[0x55576cf43b90]
> /usr/bin/freshclam(+0x14f84)[0x55576cf3df84]
> /usr/bin/freshclam(+0x15647)[0x55576cf3e647]
> /usr/bin/freshclam(+0x157a3)[0x55576cf3e7a3]
> /usr/bin/freshclam(+0x16876)[0x55576cf3f876]
> /usr/bin/freshclam(+0x18662)[0x55576cf41662]
> /usr/bin/freshclam(+0x12b6e)[0x55576cf3bb6e]
> /usr/bin/freshclam(+0xc2a1)[0x55576cf352a1]
> /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f22593313d5]
> /usr/bin/freshclam(+0xc4dc)[0x55576cf354dc]
> === Memory map: 
> 55576cf29000-55576cf54000 r-xp  fd:00 67229614   
> /usr/bin/freshclam
> 55576d153000-55576d15a000 r--p 0002a000 fd:00 67229614   
> /usr/bin/freshclam
> 55576d15a000-55576d15b000 rw-p 00031000 fd:00 67229614   
> /usr/bin/freshclam
> 55576db6-55576dba5000 rw-p  00:00 0  
> [heap]
> 7f225000-7f2250021000 rw-p  00:00 0 
> 7f2250021000-7f225400 ---p  00:00 0 
> 7f22560d7000-7f22560ec000 r-xp  fd:00 134476056  
> /usr/lib64/libgcc_s-4.8.5-20150702.so.1
> 7f22560ec000-7f22562eb000 ---p 00015000 fd:00 134476056  
> /usr/lib64/libgcc_s-4.8.5-20150702.so.1
> 7f22562eb000-7f22562ec000 r--p 00014000 fd:00 134476056  
> /usr/lib64/libgcc_s-4.8.5-20150702.so.1
> 7f22562ec000-7f22562ed000 rw-p 00015000 fd:00 134476056  
> /usr/lib64/libgcc_s-4.8.5-20150702.so.1
> 7f22562ef000-7f22562f4000 r-xp  fd:00 134877446  
> /usr/lib64/libnss_dns-2.17.so
> 7f22562f4000-7f22564f4000 ---p 5000 fd:00 134877446  
> /usr/lib64/libnss_dns-2.17.so
> 7f22564f4000-7f22564f5000 r--p 5000 fd:00 134877446  
> /usr/lib64/libnss_dns-2.17.so
> 7f22564f5000-7f22564f6000 rw-p 6000 fd:00 134877446  
> /usr/lib64/libnss_dns-2.17.so
> 7f22564f7000-7f22564ff000 r-xp  fd:00 135580772  
> /usr/lib64/libnss_sss.so.2
> 7f22564ff000-7f22566fe000 ---p 8000 fd:00 135580772  
> /usr/lib64/libnss_sss.so.2
> 7f22566fe000-7f22566ff000 r--p 7000 fd:00 135580772  
> /usr/lib64/libnss_sss.so.2
> 7f22566ff000-7f225670 rw-p 8000 fd:00 135580772  
> /usr/lib64/libnss_sss.so.2
> 7f2256707000-7f2256713000 r-xp  fd:00 135392471  
> /usr/lib64/libnss_files-2.17.so
> 7f2256713000-7f2256912000 ---p c000 fd:00 135392471  
> /usr/lib64/libnss_files-2.17.so
> 7f2256912000-7f2256913000 r--p b000 fd:00 135392471  
> /usr/lib64/libnss_files-2.17.so
> 7f2256913000-7f2256914000 rw-p c000 fd:00 135392471  
> /usr/lib64/libnss_files-2.17.so
> 7f2256914000-7f225691a000 rw-p  00:00 0 
> 7f225691f000-7f225697f000 r-xp  fd:00 134674939  
> /usr/lib64/libpcre.so.1.2.0
> 7f225697f000-7f2256b7f000 ---p 0006 fd:00 134674939  
> /usr/lib64/libpcre.so.1.2.0
> 7f2256b7f000-7f2256b8 r--p 0006 fd:00 134674939  
> /usr/lib64/libpcre.so.1.2.0
> 7f2256b8-7f2256b81000 rw-p 00061000 fd:00 134674939  
> /usr/lib64/libpcre.so.1.2.0
> 7f2256b87000-7f2256bab000 r-xp  fd:00 136577441  
> /usr/lib64/libselinux.so.1
> 7f2256bab000-7f2256daa000 ---p 00024000 fd:00 136577441  
> /usr/lib64/libselinux.so.1
> 7f2256daa000-7f2256dab000 r--p 00023000 fd:00 136577441  
> /usr/lib64/libselinux.so.1
> 7f2256dab000-7f2256dac000 rw-p 00024000 fd:00 136577441  
> /usr/lib64/libselinux.so.1
> 7f2256dac000-7f2256dae000 rw-p  00:00 0 
> 7f2256daf000-7f2256db2000 r-xp  fd:00 134403235  
> /usr/lib64/libkeyutils.so.1.5
> 7f2256db2000-7f2256fb1000 ---p 3000 fd:00 134403235  
> /usr/lib64/libkeyutils.so.1.5
> 7f2256fb1000-7f2256fb2000 r--p 2000 fd:00 134403235  
> /usr/lib64/libkeyutils.so.1.5
> 7f2256fb2000-7f2256fb3000 rw-p 3000 fd:00 134403235  
&

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

[Bill Maidment]

Maybe these are dumb questions; if so, please ignore.
But doesn't it make more sense to update all the mirrors first, before changing 
the DNS? Is there some mechanism to do it that way round?
Anyway, it seems to be working OK here in Oz, for now.
Cheers
Bill
 
 
-Original message-
> From:Al Varnell 
> Sent: Monday 2nd July 2018 16:35
> To: ClamAV users ML 
> Subject: Re: [clamav-users] We STILL cannot reliably get virus updates (since 
> new mirrors)
> 
> I suspect the use of IPv6 would double the number of failures, but each 
> should be counted against a separate IP, so that doesn't strike me as 
> contributing. It would be interesting to know the interval between checks for 
> those experiencing this problem. That, along with knowing how long it takes 
> to update all mirrors after the DNS change is posted might tell us something 
> about that. I know the frequency of checking is supposed to be limited to 
> four per hour, but I know some feel the need to check more often. Given that 
> updates are posted every eight hours, checking more than once an hour doesn't 
> appear to be worth the effort. 
> As a ClamXAV user, I all but stopped using ClamAV mirrors 
> directly a few years ago, but over the decade or  so when I did use them I 
> don't recall seeing "non-synched" more than a hand-full of times, so that's 
> why I can't help but feel that something has changed with the CDN to make 
> that a much more frequently observed occurrence. 
> -Al- 
> On Sun, Jul 01, 2018 at 10:23 PM, Dennis Peterson wrote: 
> My interest is if a non-synched mirror would trigger an entry in which case 
> many false entries are possible. That is a cascading  error that would be 
> complicated by close-in-time updates. Just noodling out of the box a bit, 
> here. style="caret-color: rgb(0, 0, 0); font-family: Menlo-Regular; font-size: 
> 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; 
> letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: 
> none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; 
> text-decoration: none;" class="" />dpOn 
> 7/1/18 9:28 PM, Al Varnell wrote:As far as the client mirrors.dat file, i!
 t's updated locally by freshclam to indicate either success or failure for a 
specific IP. After a specific number of failures (I've forgotten what that is) 
the IP is given a “time-out” which precludes it's use until some amount of time 
passes. Under normal circumstances, it's self-correcting over time, but what 
seems to be happening now is involves multiple failures over an extended time 
resulting in all mirrors being locked out, requiring manual intervention to 
delete the file which restarts the process.Sent 
from my iPad-Al-On 
Jul 1, 2018, at 21:11, Dennis Peterson mailto:denni...@inetnw.com>> wrote:What makes it 
a problem? You can never dl it until it is available, so the problem is you 
become aware of it too soon. But think about what that means. Your choices are 
to know immediately when an update is available and try to get it, or wait 
until every mirror is synchonized, become notified, then try. The first choice 
is a crapshoot you might win. The second choice isn't a crapshoot but it also 
doesn't save time. Remembering all this is automated the result is actually 
some uninteresting log entries.It would be 
interesting to know if an update notice is sent to all mirrors in the fashion 
of a DNS notification to slaves which would cause a parallel pull, or if the 
update itself is pushed, and what the process is for updating the client 
mirrors.dat file.dpOn 7/1/18 9:01 PM, Al Varnell wrote:Seems to me that it's only 
a problem if it takes a significant amount of time between the DNS update and 
the mirror updates. I don't have a good feel for how long that is from the 
postings so far, but it does sound like it may have increased as a result of 
the move from ClamAV mirrors to the ClamAV CDN.Sen!
 t from my iPad-Al-On Jul 1, 2018, at 20:38, Dennis Peterson mailto:denni...@inetnw.com>> wrote:On 7/1/18 
8:24 PM, Paul Kosinski wrote:My conclusion is that the cause of 
this is a typical race condition:the DNS TXT record is updated 
before Cloudflare has propagated the newcvd file to all the 
mirrors.Is this a problem?dp 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] FreshClam - DNS issues since October 31st

[Bill Maidment]

I'm still getting a mixed bag of results on db.AU
Sometimes it works and other times I get the following:

Mon Nov 13 18:21:35 2017 -> ClamAV update process started at Mon Nov 13 
18:21:35 2017
Mon Nov 13 18:21:35 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Mon Nov 13 18:22:12 2017 -> nonblock_recv: recv timing out (30 secs)
Mon Nov 13 18:22:12 2017 -> WARNING: getfile: Error while reading database from 
db.AU.clamav.net (IP: 128.199.133.36): Operation now in progress
Mon Nov 13 18:22:12 2017 -> WARNING: getpatch: Can't download daily-24039.cdiff 
from db.AU.clamav.net
Mon Nov 13 18:22:13 2017 -> WARNING: getfile: daily-24039.cdiff not found on 
db.AU.clamav.net (IP: 72.21.91.8)
Mon Nov 13 18:22:13 2017 -> WARNING: getpatch: Can't download daily-24039.cdiff 
from db.AU.clamav.net
Mon Nov 13 18:22:14 2017 -> Downloading daily-24039.cdiff [100%]
Mon Nov 13 18:22:16 2017 -> daily.cld updated (version: 24039, sigs: 1778849, 
f-level: 63, builder: neo)
Mon Nov 13 18:22:16 2017 -> bytecode.cld is up to date (version: 318, sigs: 75, 
f-level: 63, builder: raynman)
Mon Nov 13 18:22:22 2017 -> Database updated (6345173 signatures) from 
db.AU.clamav.net (IP: 198.148.78.4)
Mon Nov 13 21:21:34 2017 -> --
Mon Nov 13 21:21:34 2017 -> ClamAV update process started at Mon Nov 13 
21:21:34 2017
Mon Nov 13 21:21:34 2017 -> WARNING: DNS record is older than 3 hours.
Mon Nov 13 21:21:34 2017 -> WARNING: Invalid DNS reply. Falling back to HTTP 
mode.
Mon Nov 13 21:21:34 2017 -> Reading CVD header (main.cvd): Mon Nov 13 21:21:35 
2017 -> OK (IMS)
Mon Nov 13 21:21:35 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Mon Nov 13 21:21:35 2017 -> Reading CVD header (daily.cvd): Mon Nov 13 21:21:35 
2017 -> OK
Mon Nov 13 21:21:35 2017 -> daily.cld is up to date (version: 24039, sigs: 
1778849, f-level: 63, builder: neo)
Mon Nov 13 21:21:35 2017 -> Reading CVD header (bytecode.cvd): Mon Nov 13 
21:21:36 2017 -> OK
Mon Nov 13 21:21:36 2017 -> bytecode.cld is up to date (version: 318, sigs: 75, 
f-level: 63, builder: raynman)

 
 
-Original message-
> From:Groach 
> Sent: Tuesday 14th November 2017 6:56
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] FreshClam - DNS issues since October 31st
> 
> On 08/11/2017 21:18, Jeff wrote:
> > The last three updates did not have the error. Below is the last error I 
> > got:
> >
> > --
> > ClamAV update process started at Wed Nov 08 13:13:12 2017
> 
> Its ok for me too (not returning DNS errors).  (But it says something 
> about 'cdiff not foundcant download from remote server' from one 
> server. But thats another thing).
> 
> ClamAV update process started at Tue Nov 07 21:58:00 2017
> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, 
> builder: sigmgr)
> WARNING: getfile: daily-24020.cdiff not found on remote server (IP: 
> 193.1.193.64)
> WARNING: getpatch: Can't download daily-24020.cdiff from database.clamav.net
> Trying host database.clamav.net (129.67.1.218)...
> Downloading daily-24020.cdiff [100%]
> Downloading daily-24021.cdiff [100%]
> Downloading daily-24022.cdiff [100%]
> Downloading daily-24023.cdiff [100%]
> daily.cld updated (version: 24023, sigs: 1774015, f-level: 63, builder: neo)
> Downloading bytecode-317.cdiff [100%]
> Downloading bytecode-318.cdiff [100%]
> bytecode.cld updated (version: 318, sigs: 75, f-level: 63, builder: raynman)
> Database updated (6340339 signatures) from database.clamav.net (IP: 
> 129.67.1.218)
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam failure - Still ongoing???

[Bill Maidment]

Yes, and it still failed.
I'm now switching to UK as others seem to have more success with that (for now).
 
 
-Original message-
> From:Al Varnell <alvarn...@mac.com>
> Sent: Saturday 26th August 2017 20:49
> To: ClamAV users ML <clamav-users@lists.clamav.net>
> Subject: Re: [clamav-users] Freshclam failure - Still ongoing???
> 
> Did you trash your daily.cld? Joel told us earlier today that those having 
> this issue would need to get rid of it along with mirrors.dat for freshclam 
> to function normally again.
> 
> -Al-
> 
> On Aug 25, 2017, at 11:09 PM, Bill Maidment <b...@maidment.me> wrote:
> 
> > This is getting really serious.
> > I found a mirror that was working on DE, but now that is failing too.
> > 
> > ERROR: getpatch: Can't download daily-23715.cdiff from 195.30.97.3
> > ERROR: Can't download daily.cvd from 195.30.97.3
> > 
> > Is this a virus
> > 
> > 
> > -Original message-
> >> From:Dennis Peterson <denni...@inetnw.com>
> >> Sent: Saturday 26th August 2017 1:02
> >> To: clamav-users@lists.clamav.net
> >> Subject: Re: [clamav-users] Freshclam failure - Still ongoing???
> >> 
> >> This is abysmal.
> >> 
> >> # freshclam --list-mirrors |grep Success |sort -n -k2
> >> Successes: 0
> >> Successes: 0
> >> Successes: 0
> >> Successes: 0
> >> Successes: 0
> >> Successes: 0
> >> Successes: 0
> >> Successes: 4
> >> Successes: 7
> >> Successes: 8
> >> Successes: 11
> >> Successes: 11
> >> Successes: 19
> >> Successes: 46
> >> Successes: 79
> >> Successes: 81
> >> Successes: 85
> >> Successes: 90
> >> Successes: 176
> >> Successes: 178
> >> Successes: 188
> >> Successes: 215
> >> 
> >> # freshclam --list-mirrors |grep Fail |sort -n -k2
> >> Failures: 0
> >> Failures: 0
> >> Failures: 2
> >> Failures: 4
> >> Failures: 12
> >> Failures: 19
> >> Failures: 21
> >> Failures: 23
> >> Failures: 55
> >> Failures: 90
> >> Failures: 102
> >> Failures: 109
> >> Failures: 110
> >> Failures: 148
> >> Failures: 148
> >> Failures: 160
> >> Failures: 163
> >> Failures: 183
> >> Failures: 274
> >> Failures: 274
> >> Failures: 275
> >> Failures: 275
> >> 
> >> # freshclam --list-mirrors |grep -B2 Fail
> >> IP: 208.72.56.53
> >> Successes: 0
> >> Failures: 275
> >> --
> >> IP: 200.236.31.1
> >> Successes: 81
> >> Failures: 160
> >> --
> >> IP: 64.6.100.177
> >> Successes: 0
> >> Failures: 274
> >> --
> >> ...
> >> 
> >> dp
> >> 
> >> On 8/25/17 4:00 AM, Joel Esler (jesler) wrote:
> >>> On it
> >>> 
> >>> Sent from my iPhone
> >>> 
> >> ___
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >> 
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >> 
> >> http://www.clamav.net/contact.html#ml
> >> 
> >> 
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > 
> > 
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> > 
> > http://www.clamav.net/contact.html#ml
> 
> -Al-
> -- 
> Al Varnell
> Mountain View, CA
> 
> 
> 
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam failure - Still ongoing???

[Bill Maidment]

This is getting really serious.
I found a mirror that was working on DE, but now that is failing too.

ERROR: getpatch: Can't download daily-23715.cdiff from 195.30.97.3
ERROR: Can't download daily.cvd from 195.30.97.3

Is this a virus

 
-Original message-
> From:Dennis Peterson 
> Sent: Saturday 26th August 2017 1:02
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Freshclam failure - Still ongoing???
> 
> This is abysmal.
> 
> # freshclam --list-mirrors |grep Success |sort -n -k2
> Successes: 0
> Successes: 0
> Successes: 0
> Successes: 0
> Successes: 0
> Successes: 0
> Successes: 0
> Successes: 4
> Successes: 7
> Successes: 8
> Successes: 11
> Successes: 11
> Successes: 19
> Successes: 46
> Successes: 79
> Successes: 81
> Successes: 85
> Successes: 90
> Successes: 176
> Successes: 178
> Successes: 188
> Successes: 215
> 
> # freshclam --list-mirrors |grep Fail |sort -n -k2
> Failures: 0
> Failures: 0
> Failures: 2
> Failures: 4
> Failures: 12
> Failures: 19
> Failures: 21
> Failures: 23
> Failures: 55
> Failures: 90
> Failures: 102
> Failures: 109
> Failures: 110
> Failures: 148
> Failures: 148
> Failures: 160
> Failures: 163
> Failures: 183
> Failures: 274
> Failures: 274
> Failures: 275
> Failures: 275
> 
> # freshclam --list-mirrors |grep -B2 Fail
> IP: 208.72.56.53
> Successes: 0
> Failures: 275
> --
> IP: 200.236.31.1
> Successes: 81
> Failures: 160
> --
> IP: 64.6.100.177
> Successes: 0
> Failures: 274
> --
> ...
> 
> dp
> 
> On 8/25/17 4:00 AM, Joel Esler (jesler) wrote:
> > On it
> >
> > Sent from my iPhone
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam failure

[Bill Maidment]

Yeah that worked. Thanks
I guess that server will get a good working over now.
 
 
-Original message-
> From:Simon Wilson <si...@simonandkate.net>
> Sent: Thursday 24th August 2017 19:26
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Freshclam failure
> 
> I got mine working by pointing it to 'de' in /etc/freshclam.conf
> 
> ----- Message from Bill Maidment <b...@maidment.me> -
>  Date: Thu, 24 Aug 2017 19:24:04 +1000
>  From: Bill Maidment <b...@maidment.me>
> Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
>   Subject: Re: [clamav-users] Freshclam failure
>To: ClamAV users ML <clamav-users@lists.clamav.net>
> 
> 
> > It's stil failing here:
> >
> >  wget http://database.clamav.net/main.cvd
> > --2017-08-24 19:21:28--  http://database.clamav.net/main.cvd
> > Resolving database.clamav.net (database.clamav.net)... 193.1.193.64
> > Connecting to database.clamav.net  
> > (database.clamav.net)|193.1.193.64|:80... connected.
> > HTTP request sent, awaiting response... 404 Not Found
> > 2017-08-24 19:21:29 ERROR 404: Not Found.
> >
> >
> >
> > -Original message-
> >> From:Al Varnell <alvarn...@mac.com>
> >> Sent: Thursday 24th August 2017 18:42
> >> To: ClamAV users ML <clamav-users@lists.clamav.net>
> >> Subject: Re: [clamav-users] Freshclam failure
> >>
> >> See previous discussion  
> >> <http://lists.clamav.net/pipermail/clamav-users/2017-August/004990.html>
> >>
> >> And Blog announcement earlier today  
> >> <http://blog.clamav.net/2017/08/cvd-download-issues-for-august-23-2017.html>.
> >>
> >> Except that users are having some continuing issues tonight.
> >>
> >> -Al-
> >>
> >> On Aug 24, 2017, at 1:34 AM, Bill Maidment <b...@maidment.me> wrote:
> >>
> >> > Hi
> >> > I've been using clamav for many years ans suddenly yesterday  
> >> freshclam failed, first on the JP mirror, then on the AU mirror and  
> >> now everywhere.
> >> > I've tried all the suggested solutions, but nothing obvious in  
> >> the logs apart from the following:
> >> >
> >> > ERROR: getpatch: Can't download daily-23699.cdiff from db.AU.clamav.net
> >> > ERROR: Can't download daily.cvd from db.AU.clamav.net
> >> > ERROR: getpatch: Can't download daily-23699.cdiff from 
> >> > db.local.clamav.net
> >> > ERROR: Can't download daily.cvd from db.local.clamav.net
> >> > ERROR: getpatch: Can't download daily-23699.cdiff from 
> >> > database.clamav.net
> >> > ERROR: Can't download daily.cvd from database.clamav.net
> >> >
> >> > Cheers
> >> > Bill Maidment
> >> ___
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >>
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
> >>
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> 
> 
> - End message from Bill Maidment <b...@maidment.me> -
> 
> 
> 
> -- 
> Simon Wilson
> M: 0400 12 11 16
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Freshclam failure

[Bill Maidment]

It's stil failing here:

 wget http://database.clamav.net/main.cvd
--2017-08-24 19:21:28--  http://database.clamav.net/main.cvd
Resolving database.clamav.net (database.clamav.net)... 193.1.193.64
Connecting to database.clamav.net (database.clamav.net)|193.1.193.64|:80... 
connected.
HTTP request sent, awaiting response... 404 Not Found
2017-08-24 19:21:29 ERROR 404: Not Found.

 
 
-Original message-
> From:Al Varnell <alvarn...@mac.com>
> Sent: Thursday 24th August 2017 18:42
> To: ClamAV users ML <clamav-users@lists.clamav.net>
> Subject: Re: [clamav-users] Freshclam failure
> 
> See previous discussion 
> <http://lists.clamav.net/pipermail/clamav-users/2017-August/004990.html>
> 
> And Blog announcement earlier today 
> <http://blog.clamav.net/2017/08/cvd-download-issues-for-august-23-2017.html>.
> 
> Except that users are having some continuing issues tonight.
> 
> -Al-
> 
> On Aug 24, 2017, at 1:34 AM, Bill Maidment <b...@maidment.me> wrote:
> 
> > Hi
> > I've been using clamav for many years ans suddenly yesterday freshclam 
> > failed, first on the JP mirror, then on the AU mirror and now everywhere.
> > I've tried all the suggested solutions, but nothing obvious in the logs 
> > apart from the following:
> > 
> > ERROR: getpatch: Can't download daily-23699.cdiff from db.AU.clamav.net
> > ERROR: Can't download daily.cvd from db.AU.clamav.net
> > ERROR: getpatch: Can't download daily-23699.cdiff from db.local.clamav.net
> > ERROR: Can't download daily.cvd from db.local.clamav.net
> > ERROR: getpatch: Can't download daily-23699.cdiff from database.clamav.net
> > ERROR: Can't download daily.cvd from database.clamav.net
> > 
> > Cheers
> > Bill Maidment
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Freshclam failure

[Bill Maidment]

Hi
I've been using clamav for many years ans suddenly yesterday freshclam failed, 
first on the JP mirror, then on the AU mirror and now everywhere.
I've tried all the suggested solutions, but nothing obvious in the logs apart 
from the following:

ERROR: getpatch: Can't download daily-23699.cdiff from db.AU.clamav.net
ERROR: Can't download daily.cvd from db.AU.clamav.net
ERROR: getpatch: Can't download daily-23699.cdiff from db.local.clamav.net
ERROR: Can't download daily.cvd from db.local.clamav.net
ERROR: getpatch: Can't download daily-23699.cdiff from database.clamav.net
ERROR: Can't download daily.cvd from database.clamav.net

Cheers
Bill Maidment
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] WARNING: Your ClamAV installation is OUTDATED!

[Bill Maidment]

I've updated to clamav-0.97.5 and now I'm getting lots of rejections like
Clamd returned error: CL_EFORMAT: Bad format or broken data

I've had to revert to 0.97.4 for now.
Did I miss some crucial upgrade info?

Regards
Bill Maidment
Maidment Enterprises Pty Ltd

-Original message-
From: Bill Landry b...@inetmsg.com
Sent: Thursday 14th June 2012 9:47
To: clamav-users@lists.clamav.net
Subject: [clamav-users] WARNING: Your ClamAV installation is OUTDATED!


I've been seeing these notifications for the past few hours:

  WARNING: Your ClamAV installation is OUTDATED!
  WARNING: Local version: 0.97.4 Recommended version: 0.97.5

but the download link at clamav.net still shows:

  Latest stable release: ClamAV 0.97.4 (signature – ChangeLog)

When will the new release be available for download?

Thanks,

Bill
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net 
http://wiki.clamav.net 
http://www.clamav.net/support/ml http://www.clamav.net/support/ml 


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP

[Bill Maidment]

-Original message-
From:   Tomasz Kojm tk...@clamav.net
Sent:   Wed 08-02-2012 22:25
Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: ClamAV users ML clamav-users@lists.clamav.net; 
 On Wed, 8 Feb 2012 11:02:54 +1100 Bill Maidment b...@maidment.vu wrote:
 
  I have manually patched 0.97.3, re-compiled, re-installed and restarted 
 clamd, but the ign2 file is still being ignored.
  
  [root@stiles clamav]# cat /usr/local/share/clamav/local.ign2 
  BC.Exploit.CVE_2011_3412
 
 The entry is not complete. The correct one is:
 
 BC.Exploit.CVE_2011_3412.{CVE_2011_3412}
 

Thanks for that. I was using the virus name reported by mimedefang. I must 
remember sigtool to give me the correct name.
The fix does work.


Cheers
Bill Maidment
IT Consultant to Elgas Ltd
Phone: 02 4294 3649
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP

[Bill Maidment]

-Original message-
From:   Ralf Hildebrandt ralf.hildebra...@charite.de
Sent:   Wed 08-02-2012 00:16
Subject:[clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net; 
 Hi!
 
 I'm trying to disable this signature, since it's giving my FPs for
 some XLS files (yes, I already submitted it as FP today):
 
 mail2:/var/lib/clamav# sigtool --find-sigs=BC.Exploit.CVE_2011_3412
 [0001114551.cbc BYTECODE] 
 BC.Exploit.CVE_2011_3412.{CVE_2011_3412};Engine:56-255,Target:0;(01);0:d0cf11e0
 a1b11ae1;*:1c000404
 
 mail2:/var/lib/clamav# cat local.ign2
 BC.Exploit.CVE_2011_3412.{CVE_2011_3412}
 BC.Exploit.CVE_2011_3412
 CVE_2011_3412
 
 (I tried 3 different ways of disabling the signature)
 
 I restarted clamd, but still the mails are stopped as infected:
 
 Tue Feb  7 13:33:09 2012 - 
 /var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p004: 
 BC.Exploit.CVE_2011_3412(6988ecb2df20c8d0a4f43ccdc4008136:1782277) FOUND 
 Tue Feb  7 13:33:09 2012 - 
 /var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p002: 
 BC.Exploit.CVE_2011_3412(39fd7b52d5cde9f8599267f1eb0c5aab:1317888) FOUND
 
 What am I doing wrong here? Running clamv 0.97.3

It's the same story here. We've had to switch off all bytecode rules in the 
conf file. Not ideal.

Cheers
Bill Maidment
IT Consultant to Elgas Ltd
Phone: 02 4294 3649
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP

[Bill Maidment]

-Original message-
From:   Tomasz Kojm tk...@clamav.net
Sent:   Wed 08-02-2012 09:29
Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net; 
 On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm tk...@clamav.net wrote:
  On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt
  ralf.hildebra...@charite.de wrote:
  
  Have you tried that for a bytecode signature? 
  sigtool --find-sigs=BC.Exploit.CVE_2011_3412
  doesn't emit a line number. Fields are not seperated with : but with ;
  
  The bytecode loader indeed seems to ignore local.ign2, I'm looking into it
 
 The problem is now fixed in master  0.97 branches:
 

Thanks Tomasz
The patch doesn't line up with 0.97.3 source. Do I have to manually patch that?

[root@stiles clamav-0.97.3]# patch -p1 --dry-run  ../fix.diff 
patching file libclamav/readdb.c
Hunk #1 succeeded at 1192 (offset -4 lines).
Hunk #2 FAILED at 1218.
Hunk #3 FAILED at 1388.
Hunk #4 succeeded at 1409 (offset -6 lines).
Hunk #5 FAILED at 1476.
Hunk #6 FAILED at 1484.
Hunk #7 succeeded at 1491 with fuzz 2 (offset -6 lines).
4 out of 7 hunks FAILED -- saving rejects to file libclamav/readdb.c.rej
[root@stiles clamav-0.97.3]# 


Cheers
Bill Maidment
IT Consultant to Elgas Ltd
Phone: 02 4294 3649
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP

[Bill Maidment]

-Original message-
From:   Bill Maidment b...@maidment.vu
Sent:   Wed 08-02-2012 09:53
Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net; 
 -Original message-
 From: Tomasz Kojm tk...@clamav.net
 Sent: Wed 08-02-2012 09:29
 Subject:  Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
 To:   clamav-users@lists.clamav.net; 
  On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm tk...@clamav.net wrote:
   On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt
   ralf.hildebra...@charite.de wrote:
   
   Have you tried that for a bytecode signature? 
   sigtool --find-sigs=BC.Exploit.CVE_2011_3412
   doesn't emit a line number. Fields are not seperated with : but with ;
   
   The bytecode loader indeed seems to ignore local.ign2, I'm looking into it
  
  The problem is now fixed in master  0.97 branches:
  
 
 Thanks Tomasz
 The patch doesn't line up with 0.97.3 source. Do I have to manually patch 
 that?
 

I have manually patched 0.97.3, re-compiled, re-installed and restarted clamd, 
but the ign2 file is still being ignored.

[root@stiles clamav]# cat /usr/local/share/clamav/local.ign2 
BC.Exploit.CVE_2011_3412
[root@stiles clamav]# 

Wed Feb  8 10:49:39 2012 - 
/var/spool/MIMEDefang/mdefang-q17NnSa7022557/Work/msg-30733-35.xls: 
BC.Exploit.CVE_2011_3412 FOUND


Cheers
Bill Maidment
IT Consultant to Elgas Ltd
Phone: 02 4294 3649
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)

[Bill Maidment]

) [with _BI1 = 
__gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, 
std::vectorllvm::SDISelAsmOperandInfo, 
std::allocatorllvm::SDISelAsmOperandInfo  , _BI2 = 
__gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, 
std::vectorllvm::SDISelAsmOperandInfo, 
std::allocatorllvm::SDISelAsmOperandInfo  ]’
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_algobase.h:517:
   instantiated from ‘_BI2 std::copy_backward(_BI1, _BI1, _BI2) [with _BI1 = 
__gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, 
std::vectorllvm::SDISelAsmOperandInfo, 
std::allocatorllvm::SDISelAsmOperandInfo  , _BI2 = 
__gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, 
std::vectorllvm::SDISelAsmOperandInfo, 
std::allocatorllvm::SDISelAsmOperandInfo  ]’
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/vector.tcc:257:
   instantiated from ‘void std::vector_Tp, 
_Alloc::_M_insert_aux(__gnu_cxx::__normal_iteratortypename 
std::_Vector_base_Tp, _Alloc::_Tp_alloc_type::pointer, std::vector_Tp, 
_Alloc , const _Tp) [with _Tp = llvm::SDISelAsmOperandInfo, _Alloc = 
std::allocatorllvm::SDISelAsmOperandInfo]’
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_vector.h:610:
   instantiated from ‘void std::vector_Tp, _Alloc::push_back(const _Tp) 
[with _Tp = llvm::SDISelAsmOperandInfo, _Alloc = 
std::allocatorllvm::SDISelAsmOperandInfo]’
llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:5346:   instantiated from 
here
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_algobase.h:408:
 warning: lowering visibility of ‘static _BI2 std::__copy_backward_BoolType, 
std::random_access_iterator_tag::copy_b(_BI1, _BI1, _BI2) [with _BI1 = 
llvm::SDISelAsmOperandInfo*, _BI2 = llvm::SDISelAsmOperandInfo*, bool _BoolType 
= false]’ to match its type
  CXXSelectionDAGISel.lo

SKIP: check_clamav
PASS: check_freshclam.sh
PASS: check_sigtool.sh
SKIP: check_unit_vg.sh
PASS: check1_clamscan.sh
PASS: check2_clamd.sh
PASS: check3_clamd.sh
PASS: check4_clamd.sh
SKIP: check5_clamd_vg.sh
SKIP: check6_clamd_vg.sh
SKIP: check7_clamd_hg.sh
SKIP: check8_clamd_hg.sh
SKIP: check9_clamscan_vg.sh
==
All 6 tests passed
(7 tests were not run)
==


Cheers
Bill Maidment
Consultant to Elgas Ltd
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Upcoming release of ClamAV

[Bill Maidment]

-Original message-

 
 You can help by testing (or just running ./configure  make check) the
 latest code available in our Git repository - the latest snapshot
 tarball can be grabbed here:
 

./configure

gives the Warning message

checking for CVE-2010-0405... bugged
configure: WARNING: ** bzip2 libraries are affected by the CVE-2010-0405 bug
configure: WARNING: ** We strongly suggest you to update bzip2
configure: WARNING: ** Please do not report stability problems to the 
ClamAV developers!

I am running on RHEL 6 Beta2 and the version of bzip2 is:
bzip2-1.0.5-6.1.el6.x86_64

I would have thought RedHat would have fixed their version of bzip2.
How does ./configure check bzip2? Is it just by version number?


Cheers
Bill Maidment
Consultant to Elgas Ltd

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Upcoming release of ClamAV

[Bill Maidment]

-Original message-

 
 You can help by testing (or just running ./configure  make check) the
 latest code available in our Git repository - the latest snapshot
 tarball can be grabbed here:
 
 http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;s
 f=tgz
 

make check reports several errors for RHEL 6 Beta2. See attached log file.


Cheers
Bill Maidment
Consultant to Elgas Ltd

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] OT: best ClamAV changelog entry

[Bill Maidment]

-Original message-
To: clamav-users@lists.clamav.net; 
From:   G.W. Haywood g...@jubileegroup.co.uk
Sent:   Thu 07-10-2010 23:41
Subject:Re: [Clamav-users] OT: best ClamAV changelog entry
 Hi there,
 
 On Thu, 7 Oct 2010 Steve Basford wrote:
 
  
 http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=42ab31d897c0d67b89467
 cfe34532c8b421d2c95
 
 Bought the wife some neodymium magnets for her birthday, but I didn't
 even know you could get that sort.  Maybe next birthday. :)
 
 --
 
 73,
 Ged.
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml
 
 

Lovely. My wife didn't appreciate them either.

Cheers
Bill Maidment
Consultant to Elgas Ltd

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] No debian woody support anymore?

[Bill Maidment]

 Simon, Mark,
 Are you ever going to get over it and move on? If you are unhappy with 
 ClamAVs decision take your bat and ball and go to some other ball park.
 

Here. Here!
Enough is enough!
There are more important things to consider.
Do I take tea, or coffee?
One lump, or two?

Have a nice day.

Bill Maidment
Consultant to Elgas Ltd
It's important to keep your rough edges - Neil Hannon
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] clamav-0.95.3 fails to compile in Fedora 10

[Bill Maidment]

Hi
The new 0.95.3 fails to compile in Fedora 10, but does compile OK in Fedora 11.
The Git snapshot does compile in Fedora 10, so obviously it has been fixed 
there.
Will a 0.95.3.1 release be imminent?
Cheers
Bill

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] clamav-0.95.3 fails to compile in Fedora 10

[Bill Maidment]

Hi
The new 0.95.3 fails to compile in Fedora 10, but does compile OK in Fedora 11.
The Git snapshot does compile in Fedora 10, so obviously it has been fixed 
there.
Will a 0.95.3.1 release be imminent?
Cheers
Bill

This is on a 64 bit machine.
Compile error details:

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma 
-I../libltdl
-DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib64\ -g -O2 
-fno-strict-aliasing -MT
libclamav_la-matcher-bm.lo -MD -MP -MF .deps/libclamav_la-matcher-bm.Tpo -c 
matcher-bm.c
 -fPIC -DPIC -o .libs/libclamav_la-matcher-bm.o
In file included from matcher.h:29,
 from others.h:22,
 from matcher-bm.c:30:
others.h: In function ‘cli_getpagesize’:
others.h:363: error: ‘_SC_PAGESIZE’ undeclared (first use in this function)
others.h:363: error: (Each undeclared identifier is reported only once
others.h:363: error: for each function it appears in.)
make[4]: *** [libclamav_la-matcher-bm.lo] Error 1

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] clamav-0.95.3 fails to compile in Fedora 10

[Bill Maidment]

On Thu, 29 Oct 2009 09:55:15 - (GMT), Steve Basford wrote
  Hi
 
  same Error on FreeBSD 4.10
 
 This fix was added yesterday, so that might be the issue:
 

http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=e889924a70e881e0d74ade2b53b5255b94523161
 
 ie:
 
 unistd.h - standard symbolic constants and types:
 (int  getpagesize(void); (LEGACY))
 
 Cheers,
 
 Steve
 Sanesecurity
 
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

Yep. That did the trick. (I wonder why Fedora 11 didn't have the issue???)
Anyway thanks for the input.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Australian Bush Fires

[Bill Maidment]

On Sun, 8 Feb 2009 11:40:47 + (GMT), G.W. Haywood wrote
 Hi guys,
 
 On Sun, 8 Feb 2009 Bill Maidment wrote:
 
 [religious claptrap snipped]
 
 Please take the religion somewhere else, this is the 21st century.
 


Oh what a sad society we live in, that no one cares about the suffering of our 
fellow
human beings.

Is the clamav community so callous?

God help you.
Goodbye 

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] Australian Bush Fires

[Bill Maidment]

I'm sorry to hijack this thread, but I wish there was some way to avert the 
bush fire
tragedies that are happening in Australia today.
49 people have lost their lives (and probably many more as complete townships 
have been
wiped out). 650 homes are known to have been destroyed bu fire in the state of 
Victoria
alone.
While spam/viruses are responsible for a great deal of human suffering, please 
spare a
few prayers for those suffering from the bushfire tragedies in Australia.

I thank this community for it's fight against spam/viruses; it is greatly 
appreciated.
Please spare a few thoughts for those families who have lost loved ones today.

Regards
Bill

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364
k 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Australian Bush Fires

[Bill Maidment]

Guys
I make no more apologies. It's getting worse.
65 are now confirmed dead. 700 properties destroyed.
I know you cannot help practically, just as we felt unable to help at 9/11
Keep praying.

Regards VBill

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Australian Bush Fires

[Bill Maidment]

On Sun, 8 Feb 2009 10:11:52 +0300, Odhiambo Washington wrote
 On Sun, Feb 8, 2009 at 9:38 AM, Bill Maidment b...@maidment.vu wrote:
 
  I'm sorry to hijack this thread, but I wish there was some way to avert the
  bush fire
  tragedies that are happening in Australia today.
  49 people have lost their lives (and probably many more as complete
  townships have been
  wiped out). 650 homes are known to have been destroyed bu fire in the state
  of Victoria
  alone.
  While spam/viruses are responsible for a great deal of human suffering,
  please spare a
  few prayers for those suffering from the bushfire tragedies in Australia.
 
  I thank this community for it's fight against spam/viruses; it is greatly
  appreciated.
  Please spare a few thoughts for those families who have lost loved ones
  today.
 
 
 I'm sorry for the families that have lost loved ones.
 One thing worries me though: These bush fires are like an epidemic in Oz,
 that has no cure?
 Every year I hear about the bush fires in Oz, much like an epidemic without
 medicine. Oz govt can create fire barriers around places inhabited by
 people, no?
 
 Then there are the California fires.
 
 -- 
 Best regards,
 Odhiambo WASHINGTON,
 Nairobi,KE
 +254733744121/+254722743223
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
 The only time a woman really succeeds in changing a man is when he is a
 baby.
  - Natalie Wood
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

So no one has the solution, except God.
Pray. Pray. Pray.
To Him.
We pray when you have issues.
God answers.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1

[Bill Maidment]

On Thu, 16 Oct 2008 17:41:50 -0700, John Rudd wrote
 Tomasz Kojm wrote:
  
  Freshclam also submits information about detections with 3rd party 
  signatures.
 
 
 We only have one host in our environment that does freshclam (or any of 
 the other virus signature update mechanisms).

Same here.
Also with this setup we get logwatch warning messages as follows:

 - clam-update Begin  

 No updates detected in the log for the freshclam daemon (the
 ClamAV update process).  If the freshclam daemon is not running,
 you may need to restart it.  Other options:
 
 A. If you no longer wish to run freshclam, deleting the log file
(default is freshclam.log) will suppress this error message.
 
 B. If you use a different log file, update the appropriate
configuration file.  For example:
   echo LogFile = log_file  /etc/logwatch/conf/logfiles/clam-update.conf
where log_file is the filename of the freshclam log file.
 
 C. If you are logging using syslog, you need to indicate that your
log file uses the syslog format.  For example:
   echo *OnlyService = freshclam  
/etc/logwatch/conf/logfiles/clam-update.conf
   echo *RemoveHeaders  /etc/logwatch/conf/logfiles/clam-update.conf
 
 -- clam-update End - 

In spite of following the suggestions, these message still come out every day.
We are not running clamd on this server. Could it be that logwatch is checking 
for
something produced by clamd instead of freshclam?


--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
One-armed Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Outdated Engine warning suppress

[Bill Maidment]

On Wed, 15 Oct 2008 13:00:07 +0100, clamav-users-bounces wrote
 
 I'm running Debian in a production environment,
 I cannot afford using the volatile repository, 
 meaning that my engine will always be outdated.
 

I too run in a Production environment, and I cannot afford NOT to use the 
volatile
repository. That's the nature of Spam/Viruses. It's a volatile world. Live 
with it.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
One-armed Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Webinar Recording

[Bill Maidment]

On Mon, 08 Sep 2008 12:53:48 +0100, Nigel Horne wrote
 Folks,
 
 Edwin's Webinar given last week on the topic of 0.94 is now available 
 for download
 from 

https://sourcefire.webex.com/sourcefire/lsr.php?AT=pbSP=ECrID=12075182rKey=51C99713B66EECED

So how do I play the .arf in Fedora 9 ? 

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
One-armed Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Webinar Recording

[Bill Maidment]

On Mon, 08 Sep 2008 17:39:16 -0700, Dennis Peterson wrote
 Bill Maidment wrote:
  On Mon, 08 Sep 2008 12:53:48 +0100, Nigel Horne wrote
  Folks,
 
  Edwin's Webinar given last week on the topic of 0.94 is now available 
  for download
  from 
 
 
https://sourcefire.webex.com/sourcefire/lsr.php?AT=pbSP=ECrID=12075182rKey=51C99713B66EECED
  
  So how do I play the .arf in Fedora 9 ?
 
 Use VMPlayer to run a Windows virtual machine in Fedora.
 

I'm not buying Windoze just to watch the webinar. Think again.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
One-armed Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Webinar Recording

[Bill Maidment]

On Mon, 08 Sep 2008 20:23:20 -0700, Dennis Peterson wrote

 
 It was humor. I think Windows-centric presentations are kinda sucky. I 
 use a Mac so had no problems but would not have been able, so far as I 
 know, to see it from the office where I have only Unix.

A smiley or two might have given me a hint ;-) 8-)

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
One-armed Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] announcing ClamAV 0.94rc1

[Bill Maidment]

On Tue, 19 Aug 2008 13:51:37 +0100 (BST), G.W. Haywood wrote
 Hi there,
 
 On Tue, 19 Aug 2008 Brian Morrison wrote:
 
  On Mon, 18 Aug 2008 10:59:29 +0100 G.W. Haywood wrote:
 
   On Mon, 18 Aug 2008, Luca Gibelli wrote:
  
... release candidate for 0.94.
  
   I started to download it, but when I saw that it was going to be just
   under 20 megabytes I cancelled it.
 
  Well it's not *that* big!
 
 My point was that it's ten times as big as it should be and apparently
 it's growing without bound.  This is because it contains a database,
 which is of course probably a useless copy of the one already on the
 machine which will be running the new version of clamav.  If it isn't,
 that's most probably because it's out of date, and it will be deleted.
 
 It's insane.
 

I agree with the sentiment, but it's not quite insane.
I think it is quite reasonable to provide a complete package that will give 
reasonable
protection straight out of the box.

Perhaps we could have two versions; one with a recent database, and one with an 
empty
database. Then let the user decide which he requires.

Cheers and thank for all the hard work.
Bill

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] 0.93.1RC1

[Bill Maidment]

On Wed, 28 May 2008 15:08:28 +0100, Nigel Horne wrote
 Dear All,
 
 As you may have seen, the first release candidate of 0.93.1 was 
 published earlier this week.
 


 
 We welcome any feedback and bugs on this RC prior to the release
 of 0.93.1, which is currently scheduled for 6th June. It doesn't matter
 if you don't have a test environment, you can still help us for example by
 downloading the release candidate and checking it compiles on your 
 system even if you don't
 install it; we particularly welcome reports on platform compatibility.
 

Compiled OK and is now running on Fedora 8  9 64-bit Athlon/Opteron machines.
Good work.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Request for Testing

[Bill Maidment]

On Mon, 17 Mar 2008 17:24:16 +0100, Tomasz Kojm wrote
 Dear ClamAV users,
 

 It's *very* important for us to get your feedback about the changes
 in 0.93RC1. It's the best time to report any problems with this RC
 so they can get fixed before the final release!
 

Hi Tomasz
Thanks for all your hard work.
I have been running 0.93rc1 since 5th March on AMD X2 64-bit machines with no 
ill effects.
It was fortuitous that you changed the config parameter names, as it forced me 
to review
my existing settings and I found a few mistakes.
Thanks again
Bill

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Off-site consultant to Elgas Ltd
Phone: 02 9904 3364

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] What's this? I can't believe it!

[Bill Maidment]

On Sun, 20 Jan 2008 07:25:32 -0500, Gerard wrote
 On Sun, 20 Jan 2008 11:47:57 + (GMT)
 G.W. Haywood [EMAIL PROTECTED] wrote:
 
 [snip]
 
  My personal policy is to delete all files which have names ending in
  .exe, and I suggest that everyone should consider that approach.
 
 Why? On a none Win32 machine, the chance of such a file causing
 problems is nil and on a Win32 machine using such a 'scorched earth'
 policy would prove catastrophic. It would seem far wiser to simply
 refuse such files from users you are not acquainted with and properly
 screen such files from users who are familiar to you.
 
 Just my 2¢.
 
 -- 
 Gerard
 [EMAIL PROTECTED]
 
 I am just a nice, clean-cut Mongolian boy.
 
   Yul Brynner, 1956


I prefer a scorched earth to a scorched ass! Especially with a server that is 
trying to
protect Winoze users from their own stupidity. There are far too many users who 
will
gladly click on anything if you tell them to.
The default mimedefang filter flags almost all known executable suffixes as 
suspicious.
If someone must send an executable file, then ask them to obfuscate the suffix 
according
to a known plan. e.g. using fyf instead of exe
And don't think you can simply zip the file, because mimedefang unzips before 
checking
the file suffix.

Just my AUD 2c + GST

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Off-site consultant to Elgas Ltd

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] How to increase freshclam's log file limit

[Bill Maidment]

On Mon, 21 Jan 2008 15:32:59 +1100, James Brown wrote
 My freshclam.log only shows entries like:
 
 Log size = 11242653, max = 1048576
 LOGGING DISABLED (Maximal log file size exceeded).
 
 How can I increase the max log file size?
 

Try putting something like this in /etc/logrotate.d/freshclam (or wherever). 
This will
will stop it getting too big.

/var/log/freshclam.log {
missingok
notifempty
sharedscripts
postrotate
/etc/init.d/freshclam restart /dev/null 21 || true
endscript
}


--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu
Off-site consultant to Elgas Ltd

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Updated unofficial signatures download script

[Bill Maidment]

On Fri, 07 Sep 2007 12:54:52 -0700, Bill Landry wrote
 Folks, I just posted an update of my unofficial-sigs.sh script to my FTP 
 server. It can be downloaded from:
 
ftp://ftp.inetmsg.com/pub/unofficial-sigs.sh
 

I tried to down load, but I get:

An FTP protocol error occurred while trying to retrieve the URL:
ftp://ftp.inetmsg.com/pub/unofficial-sigs.sh

Squid sent the following FTP command:

PASS yourpassword

and then received this reply

OOPS: reading non-root config file

Your cache administrator is root

What's wrong?
Cheers
Bill
--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav 0.91.2 is out. Don't use it.

[Bill Maidment]

On Tue, 21 Aug 2007 04:53:28 -0700, John Rudd wrote
 It has a dangerous (lack of) value for CL_SCAN_STDOPT.  You're better 
 off not upgrading until they fix it.
 
 (filed as bug 631, but it's nothing new: CL_SCAN_STDOPT still doesn't 
 include CL_SCAN_PHISHING_DOMAINLIST; that omission can cause crashing 
 and hanging on certain platforms ... the clamav team already knows about 
 this problem, and they even enable that option as a default in clamscan, 
 just not in the CL_SCAN_STDOPT defined value ... my suggestion is to not 
 upgrade until they release a version that fixes this problem)
 

Does this problem exist in 0.91.1 ? If so then upgrading to 0.91.2 will not 
make things
worse! 

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-0.90.2 crashes - solved

[Bill Maidment]

On Tue, 17 Apr 2007 08:01:28 -0700, Dennis Peterson wrote
 Bill Maidment wrote:
  Guys
  A couple of days ago I reported clamav crashing on my 64 bit machine.
  It turns out that the fc5/fc6 rpms for xen kernels 2.6.20 are *all* broken.
  Backtracking to the 2.6.19-1.2911 kernel solved it.
  Sorry for the noise.
 
 So it sounds like a problem with the rpm, not ClamAV. Did you try 
 building from source?

It's the kernel-xen rpms that are faulty, nothing wrong with clamav (which I 
alsways
build from source).
Building kernel-xen from source is something I don't have time for.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] clamav-0.90.2 crashes - solved

[Bill Maidment]

Guys
A couple of days ago I reported clamav crashing on my 64 bit machine.
It turns out that the fc5/fc6 rpms for xen kernels 2.6.20 are *all* broken.
Backtracking to the 2.6.19-1.2911 kernel solved it.
Sorry for the noise.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] *.cvd again!

[Bill Maidment]

On Thu, 12 Apr 2007 12:20:17 +0200, Tomasz Kojm wrote
 On Thu, 12 Apr 2007 11:57:12 +0200
 Guillermo Gómez Valcárcel [EMAIL PROTECTED] wrote:
 
  I have the same symptoms.
  I wrote my symptoms in another post with subject:
  ERROR: reload db failed: Broken or not a CVD file
 
 http://lurker.clamav.net/message/20070411.175950.b7329d9f.en.html
 

Guys
I've been following the list on this problem and I believe that we may be 
barking up
the wrong tree. My set up is clamav 0.90.1 but I retrieve the .cvd files into 
a central
server. One mail server (i386) retrieved the .cvd files OK from that server, 
but the
other server (x86_64) failed to retrieve exactly the same .cvd file and shut 
down the
clamd service.

Log files for all servers attached.

I think there is a bug in clamav, which for me showed up in the x86_64 compile 
but not
the i386 compile.

Well that's my view on it. At least it's made me set up clamdwatch.
I hope this helps us.
Cheers
Bill
--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] *.cvd again! attachment fixed

[Bill Maidment]

On Thu, 12 Apr 2007 12:20:17 +0200, Tomasz Kojm wrote
 On Thu, 12 Apr 2007 11:57:12 +0200
 Guillermo Gómez Valcárcel [EMAIL PROTECTED] wrote:
 
  I have the same symptoms.
  I wrote my symptoms in another post with subject:
  ERROR: reload db failed: Broken or not a CVD file
 
 http://lurker.clamav.net/message/20070411.175950.b7329d9f.en.html
 

Guys
I've been following the list on this problem and I believe that we may be 
barking up
the wrong tree. My set up is clamav 0.90.1 but I retrieve the .cvd files into 
a central
server. One mail server (i386) retrieved the .cvd files OK from that server, 
but the
other server (x86_64) failed to retrieve exactly the same .cvd file and shut 
down the
clamd service.

Log files for all servers attached.

I think there is a bug in clamav, which for me showed up in the x86_64 compile 
but not
the i386 compile.

Well that's my view on it. At least it's made me set up clamdwatch.
I hope this helps us.
Cheers
Bill

Seems the attachment has a problem, so here it is in stream:

Central Server picks up updates from database.clamav.net
=
Received signal: wake up
ClamAV update process started at Wed Apr 11 20:16:22 2007
Connecting via squid
main.cvd is up to date (version: 43, sigs: 104500, f-level: 14,
builder: sven)
Connecting via squid
Downloading daily.cvd [100%]
daily.cvd updated (version: 3066, sigs: 3294, f-level: 14, builder:
arnaud)
Database updated (107794 signatures) from database.clamav.net
--
Received signal: wake up
ClamAV update process started at Wed Apr 11 20:31:28 2007
Connecting via squid
main.cvd is up to date (version: 43, sigs: 104500, f-level: 14,
builder: sven)
Connecting via squid
Downloading daily.cvd [100%]
daily.cvd updated (version: 3067, sigs: 3376, f-level: 14, builder:
ccordes)
Database updated (107876 signatures) from database.clamav.net
--


Internal Server (i386) picks up update from Central Server
=

Received signal: wake up
ClamAV update process started at Wed Apr 11 20:41:02 2007
Connecting via squid
main.cvd is up to date (version: 43, sigs: 104500, f-level: 14,
builder: sven)
Connecting via squid
Downloading daily.cvd [100%]
daily.cvd updated (version: 3067, sigs: 3376, f-level: 14, builder:
ccordes)
Database updated (107876 signatures) from camera1.maidment.vu
--
Received signal: wake up
ClamAV update process started at Wed Apr 11 20:56:02 2007
Connecting via squid
main.cvd is up to date (version: 43, sigs: 104500, f-level: 14,
builder: sven)
Connecting via squid
daily.cvd is up to date (version: 3067, sigs: 3376, f-level: 14,
builder: ccordes)
--
Received signal: wake up
ClamAV update process started at Wed Apr 11 21:11:02 2007
Connecting via squid
main.cvd is up to date (version: 43, sigs: 104500, f-level: 14,
builder: sven)
Connecting via squid
daily.cvd is up to date (version: 3067, sigs: 3376, f-level: 14,
builder: ccordes)
--


Internal Server (x86_64) detects database change


Apr 11 19:12:04 mail7 clamd[31984]: SelfCheck: Database status OK.
Apr 11 19:46:06 mail7 clamd[31984]: SelfCheck: Database status OK.
Apr 11 20:21:17 mail7 clamd[31984]: SelfCheck: Database status OK.
Apr 11 21:05:56 mail7 clamd[31984]: SelfCheck: Database modification
detected. Forcing reload.
Apr 11 21:05:56 mail7 clamd[31984]: Reading databases from
/usr/local/share/clamav
Apr 11 21:05:58 mail7 clamd[31984]: reload db failed: MD5 verification
error
Apr 11 21:05:58 mail7 clamd[31984]: Terminating because of a fatal
error.
Apr 11 21:06:00 mail7 clamd[31984]: Socket file removed.
Apr 11 21:06:00 mail7 clamd[31984]: --- Stopped at Wed Apr 11 21:06:00
2007






___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] clamav log file mystery on 0.90.1

[Bill Maidment]

Hi
I have a small mystery on file permissions for the clamav log file.
I am running clamd through mimedefang (user defang) and so in /etc/group I have:
 defang:x:2504:
 clamav:x:2505:clamav,defang
and the log file has:
 -rw-rw 1 clamav clamav 35736 Mar  6 15:13 /var/log/clam-update.log
But, I get the following when I start clamd
Starting clamd: Running as user defang (UID 2504, GID 2504)
 ERROR: Can't open /var/log/clam-update.log in append mode (check 
 permissions!).
 ERROR: Problem with internal logger. Please check the permissions on the
/var/log/clam-update.log file.
[FAILED]
When I change the permissions on /var/log/clam-update.log to 0666 it works OK.
This error has only occurred since I updated from 0.88.7 to 0.90.1
Any ideas on what I have got wrong? Or is this a new feature?
Cheers
Bill
--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] clamav log file mystery on 0.90.1

[Bill Maidment]

On Wed, 14 Mar 2007 23:45:05 GMT, Mark wrote
  -Original Message-

 
 Did you put this in its new format? (with booleans).
 
 AllowSupplementaryGroups true
 

Ah! The new feature :-) I missed that.
Thanks. All working well now.

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Can't open directory /var/db/clamav/daily.inc

[Bill Maidment]

On Thu, 1 Mar 2007 11:04:01 -0800 (PST), Zivago Lee wrote
  On Thursday March 01, 2007 at 12:45:20 (PM) John W. Baxter wrote:
 
  The way our system operates, we learned of the problem well after the
  700
  permissions were set up, when I restarted our mail processing system for
  another reason.  (We run two processing systems per machine--handling
  submitted mail and handling incoming-from-the-world mail, each under its
  own
  user, so 700 is difficult for us.)
 
  You might be able to script something to check the permissions and
  change them if they are not what you expected. Probably running it via
  CRON would take care of the problem.
 
 I was looking at the freshclam.conf file and I see this:
 
 #OnUpdateExecute command
 
 Maybe we can put in 'chmod 755' on the directory once it runs an update...
 
 Any thoughts?
 

That's what I have been doing. And it works if you remember to take out the 
hash ;-)

Cheers

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Fw: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90

[Bill Maidment]

I received this from the mimedefang list and I've applied the patch. Now pdfs 
can be
sent and received OK.

This is only a workaround, but it may help others until it gets sorted out.

Cheers
Bill

-- Forwarded Message ---
From: Martin Blapp [EMAIL PROTECTED]
To: mimedefang@lists.roaringpenguin.com
Sent: Sat, 17 Feb 2007 08:39:19 +0100 (CET)
Subject: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90

Hi David,

If you use mimedefang 2.61 and clamd 0.90 together you will soon notice
a lot of errors in your maillog:

 Feb 15 19:05:45 filter1 mimedefang.pl[80173]: l1FI5gps090153: Clamd returned 
 error: Zip module failure

For this kind of error we have a fallback to clamscan in your config files.
Unfortunalty the fallback doesn't work anymore, because the clamav folks
have removed the --mbox option.

And I found other mails failing with this error:

 Feb 16 21:34:18 filter1 mimedefang.pl[80173]: l1GKY0OX024228: Clamd returned 
 error: Not supported data format

Nice. After adding Not supported data format to the zip regex, the mails
were checked sucessfully by clamscan instead of tempfailing. I guess we need 
this workaround too.

Martin

--- mimedefang.pl.in.orig   Thu Jan 18 15:43:12 2007
+++ mimedefang.pl.inSat Feb 17 08:29:06 2007
@@ -3669,7 +3669,7 @@

  # Run clamscan
  my($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} .  --mbox --stdout 
--disable-summary
--infected $path 21);
+   run_virus_scanner($Features{'Virus:CLAMAV'} .  --stdout 
--disable-summary --infected
$path 21);
  if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
  }
@@ -3693,7 +3693,7 @@

  # Run clamscan
  my($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} .  -r --mbox --stdout 
--disable-summary
--infected ./Work 21);
+   run_virus_scanner($Features{'Virus:CLAMAV'} .  -r --stdout 
--disable-summary
--infected ./Work 21);
  if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : $code);
  }
@@ -4506,10 +4506,10 @@
md_syslog('err', $MsgID: Clamd returned error: $err_detail);
# If it's a zip module failure, try falling back on clamscan.
# This is despicable, but it might work
-   if ($err_detail =~ /zip module failure/i 
+   if ($err_detail =~ /(?:zip module failure|Not supported data 
format)/i 
$Features{'Virus:CLAMAV'}) {
my ($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} .  -r --unzip 
--mbox --stdout
--disable-summary --infected $CWD/Work 21);
+   run_virus_scanner($Features{'Virus:CLAMAV'} .  -r --unzip 
--stdout --disable-summary
--infected $CWD/Work 21);
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : 
$code);
}
@@ -4603,10 +4603,10 @@
md_syslog('err', $MsgID: Clamd returned error: $err_detail);
# If it's a zip module failure, try falling back on clamscan.
# This is despicable, but it might work
-   if ($err_detail =~ /zip module failure/i 
+   if ($err_detail =~ /(?:zip module failure|Not supported data 
format)/i 
$Features{'Virus:CLAMAV'}) {
my ($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} .  -r --unzip 
--mbox --stdout
--disable-summary --infected $CWD/Work 21);
+   run_virus_scanner($Features{'Virus:CLAMAV'} .  -r --unzip 
--stdout
--disable-summary --infected $CWD/Work 21);
if ($action ne 'proceed') {
return (wantarray ? ($code, $category, $action) : 
$code);
}

Martin Blapp, [EMAIL PROTECTED] [EMAIL PROTECTED]
--
ImproWare AG, UNIXSP  ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP: finger -l [EMAIL PROTECTED]
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
--
--- End of Forwarded Message ---


--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

--- mimedefang.pl.in.orig   Thu Jan 18 15:43:12 2007
+++ mimedefang.pl.inSat Feb 17 08:29:06 2007
@@ -3669,7 +3669,7 @@
 
 # Run clamscan
 my($code, $category, $action) =
-   run_virus_scanner($Features{'Virus:CLAMAV'} .  --mbox --stdout 
--disable-summary --infected $path 21

Re: [Clamav-users] Re: pdf zip module failure

[Bill Maidment]

On Fri, 16 Feb 2007 15:56:48 +, Ian Abbott wrote
 On 15/02/2007 04:23, Bill Maidment wrote:
  Hi again
  I'm using clamav-0.90 with mimedefang-2.61, spamassassin-3.1.7 and 
  sendmail-8.14.0
  I'm now getting errors as follows:
  
  /var/spool/MIMEDefang/mdefang-l1DD1Lfh016597/Work/msg-15039-625.pdf: Zip 
  module failure
  ERROR
  
  This used to happen in clamav-0.88.3 Has the bug been re-introduced? Or 
  should I be
  looking elsewhere?
 
 PDF scanning is new in 0.90, so it won't be the same bug.  Maybe you 
 should submit a bug report with a sample PDF file.  It sounds similar to 
 bug #43 on clamav's bugzilla, but that is supposedly fixed.  Maybe this 
 is a new bug.

Thanks for the response.
How do you switch off pdf scanning, so I can get the the pdf in. Then I'll be 
able to
post it with a bug report. (That's if they send me another pdf).
Cheers
Bill

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] freshclam with clamav0.90

[Bill Maidment]

Thanks guys for the great new release. It's working well. The change to the new
parameter style was easy and is now more logical.

The change to diffs for the daily cvd is good, but it has caused me a problem. 
I used to
run a single freshclam server to download from the mirrors, and then all the 
other
servers and clamwin users download from that server. This still works if I have
ScriptedUpdates off, but doesn't work with ScriptedUpdates on.

Is there a way to create diff files on my download server? Or is there a better 
way to
handle this?

Cheers
Bill
--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] pdf zip module failure

[Bill Maidment]

Hi again
I'm using clamav-0.90 with mimedefang-2.61, spamassassin-3.1.7 and 
sendmail-8.14.0
I'm now getting errors as follows:

/var/spool/MIMEDefang/mdefang-l1DD1Lfh016597/Work/msg-15039-625.pdf: Zip module 
failure
ERROR

This used to happen in clamav-0.88.3 Has the bug been re-introduced? Or should 
I be
looking elsewhere?

Cheers
Bill

--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] clamav-0.90rc3 on FC6/x86_64

[Bill Maidment]

Hi Guys
I've downloaded and compiled OK on an FC6/i386 machine, but cannot compile on 
FC6/x86_64
machines because it compains about /ust/lib/libidn.so being missing.
Putting a link to /usr/lib/libidn.so.11.5.16 didn't work either.
Finally, in desperation, I did ln -s /usr/lib64/libidn.so.11.5.16 
/usr/lib/libidn.so and
it compiles and works if you get this email.
Is there a bug in the configure?

Cheers
Bill
--
Bill Maidment
Maidment Enterprises Pty Ltd
www.maidment.vu

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] OT: American date format (was: [EMAIL PROTECTED])

[Bill Maidment]

Jerry K wrote:
All Americans is a pretty broad finger to point.  North America alone 
consist of Canada, the US and Mexico.  I think that you should limit 
your frustration to the US alone.


Jerry K


He! He! Where I come from Americans = US (both Yankees and southerners). 
Mexicans, Canadians, Argies (that lot we had a small war with), etc. are 
all referenced by their approximate real name. We could start another 
flame war on this topic alone :-)


BTW I believe a more classical date format is the Ides of March which 
relates to how I would say a date e.g. The 20th of January in the year 
of our Lord 2005 ;-)


Enough. Enough., I hear everyone cry!

Bill

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.

Web Site http://www.maidment.com.au

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] [EMAIL PROTECTED] undetected

[Bill Maidment]

Christopher X. Candreva wrote:

On Thu, 19 Jan 2006, Gerard Seibert wrote:



Thomas Hochstein [EMAIL PROTECTED]




Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the
advisories I read.




I believe that, that definition was only added on the 18th. On 2/16 and



Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 .

-Chris



That all depends on your time zone. EST in Australia may be different to 
EST somewhere else. Let's not get into a fight over this.


Cheers (this English beer tastes soo good)
Bill


--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.

Web Site http://www.maidment.com.au

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] [EMAIL PROTECTED] undetected

[Bill Maidment]

Bill Maidment wrote:

Christopher X. Candreva wrote:


On Thu, 19 Jan 2006, Gerard Seibert wrote:



Thomas Hochstein [EMAIL PROTECTED]





Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the
advisories I read.





I believe that, that definition was only added on the 18th. On 2/16 and




Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 .

-Chris



That all depends on your time zone. EST in Australia may be different to 
EST somewhere else. Let's not get into a fight over this.


Cheers (this English beer tastes soo good)
Bill




Sorry to reply to my own email, but I just noticed that the earlier 
poster is in a time zone a month ahead of the rest of us :-) I presume 
that 2/16 and 2/17 should have been 16th and 17th JANUARY.
(I still don't understand why the Americans put the month in front of 
the day -- it makes no logical sense other than to be different 
from/than everyone else).

Have a nice day ..  uuuggghhh
Bill

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.

Web Site http://www.maidment.com.au

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] [EMAIL PROTECTED] undetected

[Bill Maidment]

Christopher X. Candreva wrote:

On Thu, 19 Jan 2006, Bill Maidment wrote:



Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 .




That all depends on your time zone. EST in Australia may be different to EST
somewhere else. Let's not get into a fight over this.



I mean GMT-0500 .  I wasn't aware there were any overlaping zone 
abbreviations.





Now GMT I understand ;-) What does EST mean - Eastern Standard Time, 
English Snooze Time, Emergency Summer Time?
Cheers from EST which in Australia means GMT+10 hours in the Winter and 
GMT+11 hours in the summer, but varies depending on which state you're 
in. (My state is oh dear I need another beer).


Bill

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.

Web Site http://www.maidment.com.au

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav doubt

[Bill Maidment]

Richard Pijnenburg wrote:

Hi,

This question is one of many :)
Like the warning says: Local version: 0.87 Recommended version: 0.87.1
Just install the new version.


Clovis Tristao wrote:


Hi,

I'm update Clamav using /etc/cron.d/clamav-update or freshclam, but 
appears this message


ClamAV update process started at Tue Nov  8 10:26:12 2005
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.87 Recommended version: 0.87.1
DON'T PANIC! Read http://www.clamav.net/faq.html

What's happening, because I update the system:

clamav-0.87-1.fc5
clamav-update-0.87-1.fc5
clamav-data-0.87-1.fc5
clamav-lib-0.87-1.fc5

I'm read the http://www.clamav.net/faq.html, but not found any solution.
Thanks any help,

Clóvis





1. Don't top post.
2. Looks like he did update to 0.87-1 but not successfully.
3. What is fc5  A typo? Or am I that far out of date?
4. I think he is confusing signature update with package update.
5. I'm confused. It's been a lng day.

Cheers
Bill

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav doubt

[Bill Maidment]

q# wrote:

On Tue, Nov 08, 2005 at 10:33:52AM -0200, Clovis Tristao wrote:


Hi,

I'm update Clamav using /etc/cron.d/clamav-update or freshclam, but 
appears this message


ClamAV update process started at Tue Nov  8 10:26:12 2005
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.87 Recommended version: 0.87.1
DON'T PANIC! Read http://www.clamav.net/faq.html

What's happening, because I update the system:

clamav-0.87-1.fc5
clamav-update-0.87-1.fc5
clamav-data-0.87-1.fc5
clamav-lib-0.87-1.fc5



0.87-1 != 0.87.1-1



Doh! Attention to detail. Nice catch.

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Re: cvd timestamps question

[Bill Maidment]

G.W. Haywood wrote:


All I'm saying is that there aren't exactly 86400 seconds in a day, so
please don't be confused when you do the arithmetic and get an answer
which differs from the one that your OS gives you (whatever it is:).



And then there's Micro$oft
I display the date/time on my website based on the user's clock - just 
for fun. Internet Exploder insists that the year is 3905. Buggered if 
I'm going to code for their time warps.


Cheers
Bill
--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Common Malware Enumeration

[Bill Maidment]

Daniel J McDonald wrote:

Since the so-called major players are supposedly on board with this,
will we see clamav providing input to this project?
http://www.eweek.com/article2/0,1895,1862251,00.asp

Frankly, it seems pretty hokey to me...



I say, everyone do their own thing. Whoever choses the catchiest name 
wins. Let's keep these mail admins on their toes. It's so much more fun 
that way.


Cheers
Email Admin for whoever.

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: Fwd: [Clamav-users] Re: which scans mail

[Bill Maidment]

rick pim wrote:

Bart Silverstrim writes:

  CAN SOMEONE PLEASE UNSUBSCRIBE HIM?  Maybe permanently?...
  
  After the 15th time, I really start to hate those @#$%! OoO replies...


15? wow. i fly into a rage with the first. probably bad for my
blood pressure.

Just send a message or 50 to the [EMAIL PROTECTED] address given. That 
relieved ny stress, in fact it gave me great pleasure ;-)


--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 0.81.1 tha same troubles with milter

[Bill Maidment]

Sergey wrote:
Hello Kritof,

KP # grep User /etc/clamd.conf
KP User clamav
Shouldn't the conf files be in /usr/local/etc/ ???
That's how it works for me and my log file is owned by clamav
Cheers
Bill
--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.85 0.81.1 tha same troubles with milter

[Bill Maidment]

Dennis Peterson wrote:
Bill Maidment said:
Sergey wrote:
Hello Kritof,

KP # grep User /etc/clamd.conf
KP User clamav
Shouldn't the conf files be in /usr/local/etc/ ???
That's how it works for me and my log file is owned by clamav

That is dependant upon who built the binaries and the choices they made
when doing so. If this were standardized there would be fewer instances of
multiple versions of libs, executables, and config files installed on
systems. As a minimum, packagers should describe in their docs where
things go. My guess is most noobies would still not read it, but those who
try to debug the mess they have would have another tool to work with.
Agreed. Interestingly, it made me look at my setup again and, because I 
run Mimedefang, I have User defang in my clamd.conf clamav belongs to 
group defang and the log file permissions are 0660 clamav.clamav yet it 
still works on every clamav version including 0.85 and 0.85.1
My brain hurts.

The lesson to learn is: know your system and don't trust packagers.
I build clamav from source using default configure (even though I'm 
running Fedora 3.)

--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Submitting a virus file

[Bill Maidment]

Trog wrote:

We are, of course, also looking for people to volunteer to become sig
makers. Assuming that they have the time and the relevant skills.
-trog
Excellent idea, trog. If you can let me know what has to be done, I'd 
love to help making sigs.

Cheers
Bill
--
What's the difference between Linux and Windoze?
Linux   - Thousands of programmers are working *WITH*you.
Windoze - Thousands of programmers are working *AGAINST* you.
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Tool to upgrade

[Bill Maidment]

Matt Fretwell wrote:
 Management|customers pay the wages. They don't need to know the
specifics. Nor, in all honesty, should they. As long as they have a cosy
little flow chart to keep them amused and happy, and a running and
working system, that is all they need to know.
 And no, it doesn't surprise me. I keep all my customers updated from
afar. They never know I have upgraded their systems unless I impart that
knowledge to them. I charge to do a job. The specifics of that job are
then no longer the customers concern. That is the purpose of
contracting|employing someone to do the job. They do not want the hassle
themselves.
 So yes, I do know the problems of a professional environment. And,
although it goes down like a lead brick on occasion, I have a simple
response and attitude. My way or find someone else. We are paid to do a
job, and I am including myself in this statement. Pussyfooting is not a
service I offer, however.
Absolutely brilliant. Do you mind if I quote this?
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Version 0.83

[Bill Maidment]

Moritz Winterberg wrote:
Hi,
I just subscribed to the list, so forgive me if this question
has already been answered.
When executing freshclam I get a notice telling me to update
to clamav Version 0.83. I'm running 0.82 which looking at the web
seems to be the latest version ?
What does this mean ?
It means the web site administrator has made a mistake. There is an 0.83 
if you click on 0.82

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Re: [Clamav-announce] announcing ClamAV 0.83

[Bill Maidment]

Damian Menscher wrote:
On Mon, 14 Feb 2005, Bill Maidment wrote:
Why didn't I get the announcement? I got all the replies!!!

Read the archive of this list back when 0.82, 0.81, 0.80, 0.75.1, 0.75, 
or any other release was announced.

Then subscribe to the clamav-announce list.
Damian Menscher
I DID! Still nothing!!!

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Re: [Clamav-announce] announcing ClamAV 0.83

[Bill Maidment]

Alex S Moore wrote:
It was on the announce mailing list.  I do not think, at that time, it 
was posted to the users mailing list.

Read my follow-up post about an hour ago.
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Re: [Clamav-announce] announcing ClamAV 0.83

[Bill Maidment]

Alex S Moore wrote:
[EMAIL PROTECTED] wrote:
and where might one find this new ClamAV 0.83? there's no link to it 
that i can find on clamav.net, nor any mention of it at all. most 
recent news is for 0.82.

Dive into the 0.82 link to get to the page on sourceforge.  0.83 is there.
Alex
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Why didn't I get the announcement? I got all the replies!!!
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] ClamAV 0.82 out?

[Bill Maidment]

Brian Morrison wrote:
On Mon, 07 Feb 2005 17:48:08 +0900 in [EMAIL PROTECTED] alan
premselaar [EMAIL PROTECTED] wrote:

That's what I do... and it's so low-traffic that it's non obtrusive.
subsequently, that's how I knew about the 0.82 release as quickly as
I did.

Quite.
You eventually find out on the users list anyway ;-)
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] initial configure

[Bill Maidment]

Arkady V.Belousov wrote:
Hi!

 Firstly buy me devocote for them. :)

I was thinking, buy me an oven Mmm, Pigeon Pie.
BM Be fair, Tomasz. The guy's Russian and you know what they do with
BM carrier pigeons, don't you :-)
 Earlier, cultivating pigeons was popular in our country, but now only
England (AFAIK) continues this tradition. (There even used steroids for
them. Poor pigeons.)
As a devout Pom (that's Aussie slang for Englishman), I resemble that 
remark. (Ooops. Sorry, I'm slipping into one of those weird English 
confusion of words). BTW Pigeon Fancying, as it is called, is usually 
practiced in the North of England or at one time in the east end of 
London. Now you mention a pigeon on steroids. I wouldn't like to meet 
one of those East End pigeons in a dark alley at night ;-)

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] initial configure

[Bill Maidment]

Tomasz Kojm wrote:
On Fri,  7 Jan 2005 01:08:23 +0300 (MSK)
Arkady V.Belousov [EMAIL PROTECTED] wrote:

Don't
understand, why online access should/must be only one way to receive
updates.

We can send them to you every two weeks by a carrier pigeon.

Be fair, Tomasz. The guy's Russian and you know what they do with 
carrier pigeons, don't you :-)

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] [Clamav-virusdb] SPF records

[Bill Maidment]

Brian Morrison wrote:
On Wed, 27 Oct 2004 15:22:00 +0100 (BST) in
[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:

Well at least I know this SPF thing really works.

For some value of works.
Especially those defined by Spamassassin NOT ;-)
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Old ClamAV workaround

[Bill Maidment]

Daniel J McDonald wrote:
On Mon, 2004-10-25 at 08:00 -0400, Bart Silverstrim wrote:

Well designed programs have a make uninstall option.  So, you would go
back to the orignial source, run make uninstall, then make install on
the new source.
except 'make uninstall' seems to be deprecated on perl modules like 
MIME-tools, and doesn't actually work.

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems Compiling on Solaris X86 Box

[Bill Maidment]

James Lick wrote:
Ken Jones wrote:
All,
I have been having problems compiling on a Solaris 8 X86 box since the
release of 80rc series.
Undefined   first referenced
symbol in file
BZ2_bzRead  scanners.lo
BZ2_bzReadOpen  scanners.lo
BZ2_bzReadClose scanners.lo
ld: fatal: Symbol referencing errors. No output written to
.libs/libclamav.so.1.0.4
 

ClamAV 0.80 (and the rc versions) compiles fine for me on Solaris 10 B63 
x86, so it is not a general Solaris x86 problem.

I'm not sure if this is related, but on a RedHat box I had problems 
compiling .80 until I installed the bzip2-devel rpm.

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Freshclam DNS Warnings

[Bill Maidment]

One of my servers is giving these warnings. What causes this and is it 
anything to worry about?

freshclam daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Tue Oct 19 14:39:06 2004
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply.
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: 
tomek)
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply.
daily.cvd is up to date (version: 535, sigs: 1272, f-level: 3, builder: 
trog)

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] libbz2 and libgmp not found on x86_64 with rc3

[Bill Maidment]

Thomas Cameron wrote:
All -
Please bear with me, I am not a programmer so this might be something
silly I don't know about.
Programmers do silly things as well :-)
Try rc4. It's working for me on a dual Opteron.
Cheers
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamav-0.80rc4 fails to build on x86_64

[Bill Maidment]

Thomas Cameron wrote:
On Sun, 2004-10-17 at 02:12 -0500, Thomas Cameron wrote:

Sorry should have mentioned - this is on a Fedora Core 2 box with all
updates applied as of today.  RC3 builds just fine on this box.
It's an AMD64.  uname -a gives:
Linux strongbox.example.com 2.6.8-1.521 #1 Mon Aug 16 09:01:00 EDT 2004
x86_64 x86_64 x86_64 GNU/Linux

Aha. I wasn't aware that FC2 could handle the AMD64. I'm running on 
FC3-test1 with only a few updates.

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamv problem with 0.80rc2 and rc3

[Bill Maidment]

Bogusaw Brandys wrote:



First check how is set TMPDIR and permissions to that directory , i 
think (but I maybe wrong ;-)


TMPDIR is not set to anything. What controls that? I've never had any 
problems like this until today.

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)

[Clamav-users] make fails with 0.80rc2

[Bill Maidment]

Hi
I've built clamav-0.80rc2 on FC1 FC2 and FC3, but
when I tried it on a RH 7.2 machine the make fails as follows:
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -I./mspack -g -O2 -MT 
mbox.lo -MD -MP -MF .deps/mbox.Tpo -c mbox.c  -fPIC -DPIC -o .libs/mbox.lo
mbox.c: In function `getURL':
mbox.c:2735: `CURLOPT_DNS_USE_GLOBAL_CACHE' undeclared (first use in 
this function)
mbox.c:2735: (Each undeclared identifier is reported only once
mbox.c:2735: for each function it appears in.)
make[2]: *** [mbox.lo] Error 1
make[2]: Leaving directory `/usr/local/src/clamav-0.80rc2/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav-0.80rc2'
make: *** [all] Error 2

Actually, I'm surprised I got this far, but I live in hopes.
BTW the reason this machine is RH 7.2 is for technical reasons. So I'm 
stuck with this old distro.

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)

Re: [Clamav-users] make fails with 0.80rc2

[Bill Maidment]

Trog wrote:

Disable libcurl support:
./configure --without-libcurl

Thanks. That did it.
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)

Re: [Clamav-users] 0.80rc build error

[Bill Maidment]

Just to say 0.80rc built and runs just fine on FC3-test1 and FC1
Sneaky change of name on clamav.conf, tho ;-)
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd

Re: [Clamav-users] announcing ClamAV 0.80rc

[Bill Maidment]

Trog wrote:
Also, your freshclam.conf will be missing DNSDatabaseInfo
My freshclam.conf is indeed missing DNSDatabaseInfo, but I don't see 
anything replacing that.

Is there supposed to be a freshclamd.conf ?
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd

Re: [Clamav-users] announcing ClamAV 0.80rc

[Bill Maidment]

Trog wrote:
It's not a replacement, it's an addition to the existing freshclam.conf

So why wasn't freshclam.conf renamed to force people to look at that too?
--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd

Re: [Clamav-users] announcing ClamAV 0.80rc

[Bill Maidment]

Tomasz Papszun wrote:
I'd like to add that changing the name from clamav.conf to clamd.conf
was requested by users on the ML a few times. So, it's not our fault
;-).
You are correct there. But it didn't appear in any devel versions until 
the 80rc came out. That's what took me by surprise.

I'm all for the change. I just think it should have been pointed out 
more obviously. But then, I don't read everything :-)

--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd

Re: [Clamav-users] announcing ClamAV 0.80rc

[Bill Maidment]

Matt wrote:
1) Reading the README.
Agreed.
How about adding an incompatibility comment similar to this from the 
mimedefang Changelog ?


WARNING: Before upgrading MIMEDefang, please search this file for
*** NOTE INCOMPATIBILITY ** to see if anything has changed that will
affect your filter.
 


--
 _/_/_/_/  _/  _/
_/_/  _/  _/  _/
   _/_/_/_/  _/
  _/_/  _/  _/  _/
 _/_/_/_/  _/  _/  _/
Bill Maidment
Maidment Enterprises Pty Ltd
Unless you are named Alfred E. Newman, you may read only the odd 
numbered words (every other word beginning with the first) of the 
message above. If you have violated that, then you hereby owe the sender 
AU$10 for each even numbered word you have read.
Adapted from Stupid Email Disclaimers (see 
http://www.goldmark.org/jeff/stupid-disclaimers/)

Re: [Clamav-users] Problem using HTTPProxy with Username and Password

[Bill Maidment]

Tomasz Kojm wrote:
Please test the attached patch and let me know if it helps.
 

Thanks very much. That solved the problem.
Sorry for the delay in responding, but this is the land of the long 
weekend. 8-)

Cheers
Bill

[Clamav-users] Problem using HTTPProxy with Username and Password

[Bill Maidment]

Hi
No one responded to my previous post (probably lost under the original 
thread), so I'll give it a new thread.

Running freshclam from clamav-0.72 through an authenticated firewall no 
longer works (worked fine in 0.71). I can't see anything in the 
freshclam source that could have caused this, so maybe it's a reaction 
to some other change.

freshclam daemon started (pid=29313)
ClamAV update process started at Mon Jun  7 11:02:11 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (1.90.1.244)
I'm using the following in /usr/local/etc/freshclam.conf with real data 
replaced with s, u, p

# Proxy settings
HTTPProxyServer s
HTTPProxyPort 3128
HTTPProxyUsername u
HTTPProxyPassword p
Another system with no authentication on the proxy, works fine with 
HTTPProxyUsername and HTTPProxyPassword commented out, but it also shows 
the above error if I uncomment those lines.

Cheers
Bill

Re: [Clamav-users] ClamAV 0.72 Released

[Bill Maidment]

Todd Lyons wrote:
Similar to this:
[EMAIL PROTECTED] root]# cat /etc/logrotate.d/clamav
/var/log/clamav/clamav.log {
   create 644 clamav clamav
   weekly
   compress
   postrotate
   /bin/kill -HUP `cat /var/run/clamav/clamd.pid` 2/dev/null || true
   endscript
}

 

Thanks guys. I just couldn't remember how it was done.
Cheers
Bill

Re: [Clamav-users] ClamAV 0.72 Released

[Bill Maidment]

Brian May wrote:
Since it was not posted here,
ClamAV 0.72 is available for download.
Major bugfixes in this release include crashes with corrupted BinHex
messages and some Excel documents. 
Protection against archive bombs (not fully functional since 0.70) was 
improved and a number of other improvements were made.

 

Running freshclam through a firewall no longer works (worked fine in 0.71)
freshclam daemon started (pid=29313)
ClamAV update process started at Mon Jun  7 11:02:11 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (1.90.1.244)
Did something change? I'm using the following in 
/usr/local/etc/freshclam.conf with real data replaced with s, u, 
p

# Proxy settings
HTTPProxyServer s
HTTPProxyPort 3128
HTTPProxyUsername u
HTTPProxyPassword p
Cheers
Bill

Re: [Clamav-users] ClamAV 0.72 Released

[Bill Maidment]

Brian May wrote:
Since it was not posted here,
ClamAV 0.72 is available for download.
Major bugfixes in this release include crashes with corrupted BinHex
messages and some Excel documents. 
Protection against archive bombs (not fully functional since 0.70) was 
improved and a number of other improvements were made.

The ClamAV team (http://www.clamav.net/team.html)
 

Another problem with freshclam in 0.72. It stops checking for updates 
after the overnight logrotate. The logfile is totally blank, but 
freshclam is still running.

Cheers
Bill

Re: [Clamav-users] ClamAV 0.72 Released

[Bill Maidment]

Scott Truman wrote:
The permissions on the new log file are probably wrong...
Scott
 

Do you see anything wrong with these permissions?
Note that the previous file gets gzipped, so it can't get written to 
afterwards.
Also note that when I restarted freshclam (nothing else) the log got 
updated.

-rw-r--r--1 clamav   root  483 Jun  7 03:34 clam-update.log
-rw-r--r--1 clamav   root  285 Jun  5 11:32 clam-update.log.1.gz

Re: [Clamav-users] ClamAV 0.72 Released

[Bill Maidment]

Graham Toal wrote:
Are you sure it's not still writing to the old file?  If it was already
open for write, and left open rather than opened/closed on every write,
that's a definite possibility.  Even if the file is rm'd, unix can
still let a process write to an open file.  The space isn't recovered
until the file is closed.
 

Yep that was it. So I need to stop freshclam and clamd before logrotate 
and start them after logrotate? What a bore!

Re: [Clamav-users] Problem with clamscan .vs. clamdscan

[Bill Maidment]

Jim Maul wrote:

 

Because clamscan doesnt use clamav.conf!!  S many people dont
seem to realize this.
   

Perhaps it should to avoid any confusion!
 

Perhaps, but this is not my decision.
   

/etc/clamav.conf - /etc/clamd.conf ?

 

The whole purpose of clamscan is to be a command line config'ed
scanner. Clamd
is a file config'ed scanner. Where is the hardship in that? It's
not rocket
science. And it clearly states this in the documentation (if
anybody reads it).
If you want clamscan to run with specific settings each time,
create a shell
script to call it.
   

Exactly.  I never said clamscan should use clamav.conf.  I simply stated
that since clamd/clamdscan (and optionally freshclam as well) are the only
programs to use clamav.conf, perhaps it would avoid some confusion if it
were to be called clamd.conf.
Jim

 

The problem arises because we users are lazy and our lazy eyes can't 
differential between clamscan and clamdscan and clamd. The names are all 
too similar!  Now freshclam is a reasonably different name and we don't 
get freshclam.conf confused with clamav.conf (even though they can be 
merged).

My point is that if we could make the names of the processes more 
distinguishable and match the conf files (if any) then we remove the 
chance of error. For example clamscan could be renamed to scanclam (with 
NO scanclam.conf), clamdscan renamed as daemonclam (with 
daemonclam.conf) or something like that.

Just my thoughts, but anyway the product is absolutely fantastic and 
streets ahead of the competition. Keep up the good work.

Bill

[Clamav-users] Freshclam daemon dying

[Bill Maidment]

Hi

I'm usinf clamav-0.68-1 and occasionally (once every two weeks) I get 
this response

ClamAV update process started at Tue Mar 30 08:46:36 2004
SelfCheck: Database status OK.
ERROR: Maximal time (1200 seconds) reached.
Then the freshclam daemon died.

Anyone else come acroos this sort of behaviour?

Cheers
Bill

[Clamav-users] Freshclam Bug

[Bill Maidment]

Hi

I previously reported a bug in freshclam/manager.c at line 362. My fix 
was incorrect and the problem is also at line 460.

Both lines 362 and 460 need to be changed from:
   char* buf = mmalloc(strlen(user)*2+4);
to:
  char *buf = mmalloc((strlen(user) + strlen(pass)) * 2 + 3);
This ensures that buf is large enough to contain the base64 expansion 
of user:pass, including the \0.

Cheers
Bill
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam Bug

[Bill Maidment]

Tomasz

I'm still coming to grips with C, but I was wondering why the CVS has:

char *buf = mmalloc((strlen(user) + strlen(pass)) * 2 + 4);
   =
in lines 362 and 460 of freshclam/manager.c
I calculated that it should be + 3 based on 2 bytes for the : and 1 byte for the \0
I know it doesn't hurt if the buffer size is overstated, but I was just wondering if 
I'd missed something.
Thanks
Bill
Tomasz Kojm wrote:

Thank you, fixed in CVS.

Best regards,
Tomasz Kojm
 



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Trouble with ClamAV-0.66

[Bill Maidment]

OK removed everything in /usr/local/lib and reinstalled. Still 
segfaults. Here is /usr/local/lib contents.

drwxr-xr-x2 root root 4096 Feb 13 08:19 .
drwxr-xr-x   13 root root 4096 Aug 12  2003 ..
-rw-r--r--1 root root   667906 Feb 13 08:19 libclamav.a
-rwxr-xr-x1 root root  740 Feb 13 08:19 libclamav.la
lrwxrwxrwx1 root root   18 Feb 13 08:19 libclamav.so - 
libclamav.so.1.0.3
lrwxrwxrwx1 root root   18 Feb 13 08:19 libclamav.so.1 
- libclamav.so.1.0.3
-rwxr-xr-x1 root root   356830 Feb 13 08:19 libclamav.so.1.0.3

It's actually crashing on this instruction at the bottom of str.c
   buffer = malloc(j-i+1);
where j=250 and i=79
The strange thing is that this is the second time it has gone through 
this routine with exactly the same input!
Oh well, I'm learning something about C in the process. I'm getting 
another programmer to check it out.

Also this machine had RedHat 9 installed as an upgrade from a partial 
RedHat 8, so something may be missing!

Cheers
Bill
Tomasz Kojm wrote:



It _shouldn't_ crash. I think for some reason it may be using an old
libclamav version - please remove all *clamav* files from /usr/local/lib
and reinstall 0.66.
Best regards,
Tomasz Kojm
 



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Trouble with ClamAV-0.66

[Bill Maidment]

More news. freshclam has segfaulted on one of my other machines. It 
seems to depend on which source of data is selected. At least one of the 
servers is sending the data undelimited (i.e. no \0 on the end) and so 
we get the data padded to 512 bytes with what looks like spaces. We 
still can't work out why it is failing, but it is.

Cheers
Bill
Bill Maidment wrote:

OK removed everything in /usr/local/lib and reinstalled. Still 
segfaults. Here is /usr/local/lib contents.

drwxr-xr-x2 root root 4096 Feb 13 08:19 .
drwxr-xr-x   13 root root 4096 Aug 12  2003 ..
-rw-r--r--1 root root   667906 Feb 13 08:19 libclamav.a
-rwxr-xr-x1 root root  740 Feb 13 08:19 libclamav.la
lrwxrwxrwx1 root root   18 Feb 13 08:19 libclamav.so 
- libclamav.so.1.0.3
lrwxrwxrwx1 root root   18 Feb 13 08:19 libclamav.so.1 
- libclamav.so.1.0.3
-rwxr-xr-x1 root root   356830 Feb 13 08:19 
libclamav.so.1.0.3

It's actually crashing on this instruction at the bottom of str.c
   buffer = malloc(j-i+1);
where j=250 and i=79
The strange thing is that this is the second time it has gone through 
this routine with exactly the same input!
Oh well, I'm learning something about C in the process. I'm getting 
another programmer to check it out.

Also this machine had RedHat 9 installed as an upgrade from a partial 
RedHat 8, so something may be missing!

Cheers
Bill



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Trouble with ClamAV-0.66

[Bill Maidment]

Found the problem. We are using HTTPProxy parameters and the user was 
being corrupted.

In freshclam/manager.c line 362
changed
   char* buf = mmalloc(strlen(user)*2+4);
to
   char* buf = mmalloc(strlen(user)*2+5);
to allow for the \0 to be added.
Cheers
Bill


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Trouble with ClamAV-0.66

[Bill Maidment]

Ok, here's more info. freshclam is segfaulting. This is on a Celeron 
1200 running RedHat 9.
I have it working fine on an Athlon  600 RedHat 9 and on a Pentium III 
1200 RedHat 7.2

Here's what I get when I run it non-daemon:

ClamAV update process started at Thu Feb 12 10:07:53 2004
Connecting via squid
Reading CVD header (main.cvd): Segmentation fault
As I said before, the 0.65 freshclam works OK.

Cheers
Bill




---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Trouble with ClamAV-0.66

[Bill Maidment]

More news.
I have tracked down the segfault to libclamav/str.c cli_strtok which is 
running off the end when called from cl_cvdparse looking for the digital 
signature. I am not a C programmer, but it looks like one or more of the 
servers has a malformed main.cvd which is breaking the 513 bytes allocated.

Cheers
Bill
Bill Maidment wrote:

Ok, here's more info. freshclam is segfaulting. This is on a Celeron 
1200 running RedHat 9.
I have it working fine on an Athlon  600 RedHat 9 and on a Pentium III 
1200 RedHat 7.2

Here's what I get when I run it non-daemon:

ClamAV update process started at Thu Feb 12 10:07:53 2004
Connecting via squid
Reading CVD header (main.cvd): Segmentation fault
As I said before, the 0.65 freshclam works OK.

Cheers
Bill




---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users