Re: [clamav-users] Problem with /usr/share/clamav/freshclam-sleep
Thanks for the follow up, but this appears to be a one-off here as well. It's all working fine at the moment. Happy New Year Bill -Original message- > From:Orion Poplawski > Sent: Tuesday 1st January 2019 13:38 > To: ClamAV users ML ; Bill Maidment > > Subject: Re: [clamav-users] Problem with /usr/share/clamav/freshclam-sleep > > On 12/30/18 7:24 PM, Bill Maidment wrote: > > Hi > > I have just updated clamav to 0.101.0 from EPEL and I got the following > > error. > > Maybe this is a one-off. Anyone else seeing this? Or do I have a > > configuration issue? > > Cheers > > Bill > > > > -Original message- > >> From:(Cron Daemon) > >> Sent: Monday 31st December 2018 12:21 > >> To: Bill Maidment > >> Subject: Cron root@giggs2 /usr/share/clamav/freshclam-sleep > >> > >> *** Error in `/usr/bin/freshclam': double free or corruption (fasttop): > >> 0x55576db83f00 *** > >> === Backtrace: = > >> /lib64/libc.so.6(+0x81489)[0x7f2259390489] > ... > > We've had one other report of such a crash after updating to 0.101.0 - > but the user hadn't seen it since. If you can get a backtrace with > debug info that might be helpful. > > > -- > Orion Poplawski > Manager of NWRA Technical Systems 720-772-5637 > NWRA, Boulder/CoRA Office FAX: 303-415-9702 > 3380 Mitchell Lane or...@nwra.com > Boulder, CO 80301 https://www.nwra.com/ > > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Problem with /usr/share/clamav/freshclam-sleep
Hi I have just updated clamav to 0.101.0 from EPEL and I got the following error. Maybe this is a one-off. Anyone else seeing this? Or do I have a configuration issue? Cheers Bill -Original message- > From:(Cron Daemon) > Sent: Monday 31st December 2018 12:21 > To: Bill Maidment > Subject: Cron root@giggs2 /usr/share/clamav/freshclam-sleep > > *** Error in `/usr/bin/freshclam': double free or corruption (fasttop): > 0x55576db83f00 *** > === Backtrace: = > /lib64/libc.so.6(+0x81489)[0x7f2259390489] > /lib64/libc.so.6(+0x838c8)[0x7f22593928c8] > /lib64/libc.so.6(realloc+0x1d2)[0x7f2259394832] > /usr/bin/freshclam(+0x1ab90)[0x55576cf43b90] > /usr/bin/freshclam(+0x14f84)[0x55576cf3df84] > /usr/bin/freshclam(+0x15647)[0x55576cf3e647] > /usr/bin/freshclam(+0x157a3)[0x55576cf3e7a3] > /usr/bin/freshclam(+0x16876)[0x55576cf3f876] > /usr/bin/freshclam(+0x18662)[0x55576cf41662] > /usr/bin/freshclam(+0x12b6e)[0x55576cf3bb6e] > /usr/bin/freshclam(+0xc2a1)[0x55576cf352a1] > /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f22593313d5] > /usr/bin/freshclam(+0xc4dc)[0x55576cf354dc] > === Memory map: > 55576cf29000-55576cf54000 r-xp fd:00 67229614 > /usr/bin/freshclam > 55576d153000-55576d15a000 r--p 0002a000 fd:00 67229614 > /usr/bin/freshclam > 55576d15a000-55576d15b000 rw-p 00031000 fd:00 67229614 > /usr/bin/freshclam > 55576db6-55576dba5000 rw-p 00:00 0 > [heap] > 7f225000-7f2250021000 rw-p 00:00 0 > 7f2250021000-7f225400 ---p 00:00 0 > 7f22560d7000-7f22560ec000 r-xp fd:00 134476056 > /usr/lib64/libgcc_s-4.8.5-20150702.so.1 > 7f22560ec000-7f22562eb000 ---p 00015000 fd:00 134476056 > /usr/lib64/libgcc_s-4.8.5-20150702.so.1 > 7f22562eb000-7f22562ec000 r--p 00014000 fd:00 134476056 > /usr/lib64/libgcc_s-4.8.5-20150702.so.1 > 7f22562ec000-7f22562ed000 rw-p 00015000 fd:00 134476056 > /usr/lib64/libgcc_s-4.8.5-20150702.so.1 > 7f22562ef000-7f22562f4000 r-xp fd:00 134877446 > /usr/lib64/libnss_dns-2.17.so > 7f22562f4000-7f22564f4000 ---p 5000 fd:00 134877446 > /usr/lib64/libnss_dns-2.17.so > 7f22564f4000-7f22564f5000 r--p 5000 fd:00 134877446 > /usr/lib64/libnss_dns-2.17.so > 7f22564f5000-7f22564f6000 rw-p 6000 fd:00 134877446 > /usr/lib64/libnss_dns-2.17.so > 7f22564f7000-7f22564ff000 r-xp fd:00 135580772 > /usr/lib64/libnss_sss.so.2 > 7f22564ff000-7f22566fe000 ---p 8000 fd:00 135580772 > /usr/lib64/libnss_sss.so.2 > 7f22566fe000-7f22566ff000 r--p 7000 fd:00 135580772 > /usr/lib64/libnss_sss.so.2 > 7f22566ff000-7f225670 rw-p 8000 fd:00 135580772 > /usr/lib64/libnss_sss.so.2 > 7f2256707000-7f2256713000 r-xp fd:00 135392471 > /usr/lib64/libnss_files-2.17.so > 7f2256713000-7f2256912000 ---p c000 fd:00 135392471 > /usr/lib64/libnss_files-2.17.so > 7f2256912000-7f2256913000 r--p b000 fd:00 135392471 > /usr/lib64/libnss_files-2.17.so > 7f2256913000-7f2256914000 rw-p c000 fd:00 135392471 > /usr/lib64/libnss_files-2.17.so > 7f2256914000-7f225691a000 rw-p 00:00 0 > 7f225691f000-7f225697f000 r-xp fd:00 134674939 > /usr/lib64/libpcre.so.1.2.0 > 7f225697f000-7f2256b7f000 ---p 0006 fd:00 134674939 > /usr/lib64/libpcre.so.1.2.0 > 7f2256b7f000-7f2256b8 r--p 0006 fd:00 134674939 > /usr/lib64/libpcre.so.1.2.0 > 7f2256b8-7f2256b81000 rw-p 00061000 fd:00 134674939 > /usr/lib64/libpcre.so.1.2.0 > 7f2256b87000-7f2256bab000 r-xp fd:00 136577441 > /usr/lib64/libselinux.so.1 > 7f2256bab000-7f2256daa000 ---p 00024000 fd:00 136577441 > /usr/lib64/libselinux.so.1 > 7f2256daa000-7f2256dab000 r--p 00023000 fd:00 136577441 > /usr/lib64/libselinux.so.1 > 7f2256dab000-7f2256dac000 rw-p 00024000 fd:00 136577441 > /usr/lib64/libselinux.so.1 > 7f2256dac000-7f2256dae000 rw-p 00:00 0 > 7f2256daf000-7f2256db2000 r-xp fd:00 134403235 > /usr/lib64/libkeyutils.so.1.5 > 7f2256db2000-7f2256fb1000 ---p 3000 fd:00 134403235 > /usr/lib64/libkeyutils.so.1.5 > 7f2256fb1000-7f2256fb2000 r--p 2000 fd:00 134403235 > /usr/lib64/libkeyutils.so.1.5 > 7f2256fb2000-7f2256fb3000 rw-p 3000 fd:00 134403235 &
Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)
Maybe these are dumb questions; if so, please ignore. But doesn't it make more sense to update all the mirrors first, before changing the DNS? Is there some mechanism to do it that way round? Anyway, it seems to be working OK here in Oz, for now. Cheers Bill -Original message- > From:Al Varnell > Sent: Monday 2nd July 2018 16:35 > To: ClamAV users ML > Subject: Re: [clamav-users] We STILL cannot reliably get virus updates (since > new mirrors) > > I suspect the use of IPv6 would double the number of failures, but each > should be counted against a separate IP, so that doesn't strike me as > contributing. It would be interesting to know the interval between checks for > those experiencing this problem. That, along with knowing how long it takes > to update all mirrors after the DNS change is posted might tell us something > about that. I know the frequency of checking is supposed to be limited to > four per hour, but I know some feel the need to check more often. Given that > updates are posted every eight hours, checking more than once an hour doesn't > appear to be worth the effort. > As a ClamXAV user, I all but stopped using ClamAV mirrors > directly a few years ago, but over the decade or so when I did use them I > don't recall seeing "non-synched" more than a hand-full of times, so that's > why I can't help but feel that something has changed with the CDN to make > that a much more frequently observed occurrence. > -Al- > On Sun, Jul 01, 2018 at 10:23 PM, Dennis Peterson wrote: > My interest is if a non-synched mirror would trigger an entry in which case > many false entries are possible. That is a cascading error that would be > complicated by close-in-time updates. Just noodling out of the box a bit, > here. style="caret-color: rgb(0, 0, 0); font-family: Menlo-Regular; font-size: > 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; > letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: > none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; > text-decoration: none;" class="" />dpOn > 7/1/18 9:28 PM, Al Varnell wrote:As far as the client mirrors.dat file, i! t's updated locally by freshclam to indicate either success or failure for a specific IP. After a specific number of failures (I've forgotten what that is) the IP is given a “time-out” which precludes it's use until some amount of time passes. Under normal circumstances, it's self-correcting over time, but what seems to be happening now is involves multiple failures over an extended time resulting in all mirrors being locked out, requiring manual intervention to delete the file which restarts the process.Sent from my iPad-Al-On Jul 1, 2018, at 21:11, Dennis Peterson mailto:denni...@inetnw.com>> wrote:What makes it a problem? You can never dl it until it is available, so the problem is you become aware of it too soon. But think about what that means. Your choices are to know immediately when an update is available and try to get it, or wait until every mirror is synchonized, become notified, then try. The first choice is a crapshoot you might win. The second choice isn't a crapshoot but it also doesn't save time. Remembering all this is automated the result is actually some uninteresting log entries.It would be interesting to know if an update notice is sent to all mirrors in the fashion of a DNS notification to slaves which would cause a parallel pull, or if the update itself is pushed, and what the process is for updating the client mirrors.dat file.dpOn 7/1/18 9:01 PM, Al Varnell wrote:Seems to me that it's only a problem if it takes a significant amount of time between the DNS update and the mirror updates. I don't have a good feel for how long that is from the postings so far, but it does sound like it may have increased as a result of the move from ClamAV mirrors to the ClamAV CDN.Sen! t from my iPad-Al-On Jul 1, 2018, at 20:38, Dennis Peterson mailto:denni...@inetnw.com>> wrote:On 7/1/18 8:24 PM, Paul Kosinski wrote:My conclusion is that the cause of this is a typical race condition:the DNS TXT record is updated before Cloudflare has propagated the newcvd file to all the mirrors.Is this a problem?dp > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] FreshClam - DNS issues since October 31st
I'm still getting a mixed bag of results on db.AU Sometimes it works and other times I get the following: Mon Nov 13 18:21:35 2017 -> ClamAV update process started at Mon Nov 13 18:21:35 2017 Mon Nov 13 18:21:35 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Mon Nov 13 18:22:12 2017 -> nonblock_recv: recv timing out (30 secs) Mon Nov 13 18:22:12 2017 -> WARNING: getfile: Error while reading database from db.AU.clamav.net (IP: 128.199.133.36): Operation now in progress Mon Nov 13 18:22:12 2017 -> WARNING: getpatch: Can't download daily-24039.cdiff from db.AU.clamav.net Mon Nov 13 18:22:13 2017 -> WARNING: getfile: daily-24039.cdiff not found on db.AU.clamav.net (IP: 72.21.91.8) Mon Nov 13 18:22:13 2017 -> WARNING: getpatch: Can't download daily-24039.cdiff from db.AU.clamav.net Mon Nov 13 18:22:14 2017 -> Downloading daily-24039.cdiff [100%] Mon Nov 13 18:22:16 2017 -> daily.cld updated (version: 24039, sigs: 1778849, f-level: 63, builder: neo) Mon Nov 13 18:22:16 2017 -> bytecode.cld is up to date (version: 318, sigs: 75, f-level: 63, builder: raynman) Mon Nov 13 18:22:22 2017 -> Database updated (6345173 signatures) from db.AU.clamav.net (IP: 198.148.78.4) Mon Nov 13 21:21:34 2017 -> -- Mon Nov 13 21:21:34 2017 -> ClamAV update process started at Mon Nov 13 21:21:34 2017 Mon Nov 13 21:21:34 2017 -> WARNING: DNS record is older than 3 hours. Mon Nov 13 21:21:34 2017 -> WARNING: Invalid DNS reply. Falling back to HTTP mode. Mon Nov 13 21:21:34 2017 -> Reading CVD header (main.cvd): Mon Nov 13 21:21:35 2017 -> OK (IMS) Mon Nov 13 21:21:35 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Mon Nov 13 21:21:35 2017 -> Reading CVD header (daily.cvd): Mon Nov 13 21:21:35 2017 -> OK Mon Nov 13 21:21:35 2017 -> daily.cld is up to date (version: 24039, sigs: 1778849, f-level: 63, builder: neo) Mon Nov 13 21:21:35 2017 -> Reading CVD header (bytecode.cvd): Mon Nov 13 21:21:36 2017 -> OK Mon Nov 13 21:21:36 2017 -> bytecode.cld is up to date (version: 318, sigs: 75, f-level: 63, builder: raynman) -Original message- > From:Groach> Sent: Tuesday 14th November 2017 6:56 > To: clamav-users@lists.clamav.net > Subject: Re: [clamav-users] FreshClam - DNS issues since October 31st > > On 08/11/2017 21:18, Jeff wrote: > > The last three updates did not have the error. Below is the last error I > > got: > > > > -- > > ClamAV update process started at Wed Nov 08 13:13:12 2017 > > Its ok for me too (not returning DNS errors). (But it says something > about 'cdiff not foundcant download from remote server' from one > server. But thats another thing). > > ClamAV update process started at Tue Nov 07 21:58:00 2017 > main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, > builder: sigmgr) > WARNING: getfile: daily-24020.cdiff not found on remote server (IP: > 193.1.193.64) > WARNING: getpatch: Can't download daily-24020.cdiff from database.clamav.net > Trying host database.clamav.net (129.67.1.218)... > Downloading daily-24020.cdiff [100%] > Downloading daily-24021.cdiff [100%] > Downloading daily-24022.cdiff [100%] > Downloading daily-24023.cdiff [100%] > daily.cld updated (version: 24023, sigs: 1774015, f-level: 63, builder: neo) > Downloading bytecode-317.cdiff [100%] > Downloading bytecode-318.cdiff [100%] > bytecode.cld updated (version: 318, sigs: 75, f-level: 63, builder: raynman) > Database updated (6340339 signatures) from database.clamav.net (IP: > 129.67.1.218) > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam failure - Still ongoing???
Yes, and it still failed. I'm now switching to UK as others seem to have more success with that (for now). -Original message- > From:Al Varnell <alvarn...@mac.com> > Sent: Saturday 26th August 2017 20:49 > To: ClamAV users ML <clamav-users@lists.clamav.net> > Subject: Re: [clamav-users] Freshclam failure - Still ongoing??? > > Did you trash your daily.cld? Joel told us earlier today that those having > this issue would need to get rid of it along with mirrors.dat for freshclam > to function normally again. > > -Al- > > On Aug 25, 2017, at 11:09 PM, Bill Maidment <b...@maidment.me> wrote: > > > This is getting really serious. > > I found a mirror that was working on DE, but now that is failing too. > > > > ERROR: getpatch: Can't download daily-23715.cdiff from 195.30.97.3 > > ERROR: Can't download daily.cvd from 195.30.97.3 > > > > Is this a virus > > > > > > -Original message- > >> From:Dennis Peterson <denni...@inetnw.com> > >> Sent: Saturday 26th August 2017 1:02 > >> To: clamav-users@lists.clamav.net > >> Subject: Re: [clamav-users] Freshclam failure - Still ongoing??? > >> > >> This is abysmal. > >> > >> # freshclam --list-mirrors |grep Success |sort -n -k2 > >> Successes: 0 > >> Successes: 0 > >> Successes: 0 > >> Successes: 0 > >> Successes: 0 > >> Successes: 0 > >> Successes: 0 > >> Successes: 4 > >> Successes: 7 > >> Successes: 8 > >> Successes: 11 > >> Successes: 11 > >> Successes: 19 > >> Successes: 46 > >> Successes: 79 > >> Successes: 81 > >> Successes: 85 > >> Successes: 90 > >> Successes: 176 > >> Successes: 178 > >> Successes: 188 > >> Successes: 215 > >> > >> # freshclam --list-mirrors |grep Fail |sort -n -k2 > >> Failures: 0 > >> Failures: 0 > >> Failures: 2 > >> Failures: 4 > >> Failures: 12 > >> Failures: 19 > >> Failures: 21 > >> Failures: 23 > >> Failures: 55 > >> Failures: 90 > >> Failures: 102 > >> Failures: 109 > >> Failures: 110 > >> Failures: 148 > >> Failures: 148 > >> Failures: 160 > >> Failures: 163 > >> Failures: 183 > >> Failures: 274 > >> Failures: 274 > >> Failures: 275 > >> Failures: 275 > >> > >> # freshclam --list-mirrors |grep -B2 Fail > >> IP: 208.72.56.53 > >> Successes: 0 > >> Failures: 275 > >> -- > >> IP: 200.236.31.1 > >> Successes: 81 > >> Failures: 160 > >> -- > >> IP: 64.6.100.177 > >> Successes: 0 > >> Failures: 274 > >> -- > >> ... > >> > >> dp > >> > >> On 8/25/17 4:00 AM, Joel Esler (jesler) wrote: > >>> On it > >>> > >>> Sent from my iPhone > >>> > >> ___ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > >> > >> > > ___ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > -Al- > -- > Al Varnell > Mountain View, CA > > > > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam failure - Still ongoing???
This is getting really serious. I found a mirror that was working on DE, but now that is failing too. ERROR: getpatch: Can't download daily-23715.cdiff from 195.30.97.3 ERROR: Can't download daily.cvd from 195.30.97.3 Is this a virus -Original message- > From:Dennis Peterson> Sent: Saturday 26th August 2017 1:02 > To: clamav-users@lists.clamav.net > Subject: Re: [clamav-users] Freshclam failure - Still ongoing??? > > This is abysmal. > > # freshclam --list-mirrors |grep Success |sort -n -k2 > Successes: 0 > Successes: 0 > Successes: 0 > Successes: 0 > Successes: 0 > Successes: 0 > Successes: 0 > Successes: 4 > Successes: 7 > Successes: 8 > Successes: 11 > Successes: 11 > Successes: 19 > Successes: 46 > Successes: 79 > Successes: 81 > Successes: 85 > Successes: 90 > Successes: 176 > Successes: 178 > Successes: 188 > Successes: 215 > > # freshclam --list-mirrors |grep Fail |sort -n -k2 > Failures: 0 > Failures: 0 > Failures: 2 > Failures: 4 > Failures: 12 > Failures: 19 > Failures: 21 > Failures: 23 > Failures: 55 > Failures: 90 > Failures: 102 > Failures: 109 > Failures: 110 > Failures: 148 > Failures: 148 > Failures: 160 > Failures: 163 > Failures: 183 > Failures: 274 > Failures: 274 > Failures: 275 > Failures: 275 > > # freshclam --list-mirrors |grep -B2 Fail > IP: 208.72.56.53 > Successes: 0 > Failures: 275 > -- > IP: 200.236.31.1 > Successes: 81 > Failures: 160 > -- > IP: 64.6.100.177 > Successes: 0 > Failures: 274 > -- > ... > > dp > > On 8/25/17 4:00 AM, Joel Esler (jesler) wrote: > > On it > > > > Sent from my iPhone > > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam failure
Yeah that worked. Thanks I guess that server will get a good working over now. -Original message- > From:Simon Wilson <si...@simonandkate.net> > Sent: Thursday 24th August 2017 19:26 > To: clamav-users@lists.clamav.net > Subject: Re: [clamav-users] Freshclam failure > > I got mine working by pointing it to 'de' in /etc/freshclam.conf > > ----- Message from Bill Maidment <b...@maidment.me> - > Date: Thu, 24 Aug 2017 19:24:04 +1000 > From: Bill Maidment <b...@maidment.me> > Reply-To: ClamAV users ML <clamav-users@lists.clamav.net> > Subject: Re: [clamav-users] Freshclam failure >To: ClamAV users ML <clamav-users@lists.clamav.net> > > > > It's stil failing here: > > > > wget http://database.clamav.net/main.cvd > > --2017-08-24 19:21:28-- http://database.clamav.net/main.cvd > > Resolving database.clamav.net (database.clamav.net)... 193.1.193.64 > > Connecting to database.clamav.net > > (database.clamav.net)|193.1.193.64|:80... connected. > > HTTP request sent, awaiting response... 404 Not Found > > 2017-08-24 19:21:29 ERROR 404: Not Found. > > > > > > > > -Original message- > >> From:Al Varnell <alvarn...@mac.com> > >> Sent: Thursday 24th August 2017 18:42 > >> To: ClamAV users ML <clamav-users@lists.clamav.net> > >> Subject: Re: [clamav-users] Freshclam failure > >> > >> See previous discussion > >> <http://lists.clamav.net/pipermail/clamav-users/2017-August/004990.html> > >> > >> And Blog announcement earlier today > >> <http://blog.clamav.net/2017/08/cvd-download-issues-for-august-23-2017.html>. > >> > >> Except that users are having some continuing issues tonight. > >> > >> -Al- > >> > >> On Aug 24, 2017, at 1:34 AM, Bill Maidment <b...@maidment.me> wrote: > >> > >> > Hi > >> > I've been using clamav for many years ans suddenly yesterday > >> freshclam failed, first on the JP mirror, then on the AU mirror and > >> now everywhere. > >> > I've tried all the suggested solutions, but nothing obvious in > >> the logs apart from the following: > >> > > >> > ERROR: getpatch: Can't download daily-23699.cdiff from db.AU.clamav.net > >> > ERROR: Can't download daily.cvd from db.AU.clamav.net > >> > ERROR: getpatch: Can't download daily-23699.cdiff from > >> > db.local.clamav.net > >> > ERROR: Can't download daily.cvd from db.local.clamav.net > >> > ERROR: getpatch: Can't download daily-23699.cdiff from > >> > database.clamav.net > >> > ERROR: Can't download daily.cvd from database.clamav.net > >> > > >> > Cheers > >> > Bill Maidment > >> ___ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > >> > >> > > ___ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > - End message from Bill Maidment <b...@maidment.me> - > > > > -- > Simon Wilson > M: 0400 12 11 16 > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam failure
It's stil failing here: wget http://database.clamav.net/main.cvd --2017-08-24 19:21:28-- http://database.clamav.net/main.cvd Resolving database.clamav.net (database.clamav.net)... 193.1.193.64 Connecting to database.clamav.net (database.clamav.net)|193.1.193.64|:80... connected. HTTP request sent, awaiting response... 404 Not Found 2017-08-24 19:21:29 ERROR 404: Not Found. -Original message- > From:Al Varnell <alvarn...@mac.com> > Sent: Thursday 24th August 2017 18:42 > To: ClamAV users ML <clamav-users@lists.clamav.net> > Subject: Re: [clamav-users] Freshclam failure > > See previous discussion > <http://lists.clamav.net/pipermail/clamav-users/2017-August/004990.html> > > And Blog announcement earlier today > <http://blog.clamav.net/2017/08/cvd-download-issues-for-august-23-2017.html>. > > Except that users are having some continuing issues tonight. > > -Al- > > On Aug 24, 2017, at 1:34 AM, Bill Maidment <b...@maidment.me> wrote: > > > Hi > > I've been using clamav for many years ans suddenly yesterday freshclam > > failed, first on the JP mirror, then on the AU mirror and now everywhere. > > I've tried all the suggested solutions, but nothing obvious in the logs > > apart from the following: > > > > ERROR: getpatch: Can't download daily-23699.cdiff from db.AU.clamav.net > > ERROR: Can't download daily.cvd from db.AU.clamav.net > > ERROR: getpatch: Can't download daily-23699.cdiff from db.local.clamav.net > > ERROR: Can't download daily.cvd from db.local.clamav.net > > ERROR: getpatch: Can't download daily-23699.cdiff from database.clamav.net > > ERROR: Can't download daily.cvd from database.clamav.net > > > > Cheers > > Bill Maidment > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Freshclam failure
Hi I've been using clamav for many years ans suddenly yesterday freshclam failed, first on the JP mirror, then on the AU mirror and now everywhere. I've tried all the suggested solutions, but nothing obvious in the logs apart from the following: ERROR: getpatch: Can't download daily-23699.cdiff from db.AU.clamav.net ERROR: Can't download daily.cvd from db.AU.clamav.net ERROR: getpatch: Can't download daily-23699.cdiff from db.local.clamav.net ERROR: Can't download daily.cvd from db.local.clamav.net ERROR: getpatch: Can't download daily-23699.cdiff from database.clamav.net ERROR: Can't download daily.cvd from database.clamav.net Cheers Bill Maidment ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] WARNING: Your ClamAV installation is OUTDATED!
I've updated to clamav-0.97.5 and now I'm getting lots of rejections like Clamd returned error: CL_EFORMAT: Bad format or broken data I've had to revert to 0.97.4 for now. Did I miss some crucial upgrade info? Regards Bill Maidment Maidment Enterprises Pty Ltd -Original message- From: Bill Landry b...@inetmsg.com Sent: Thursday 14th June 2012 9:47 To: clamav-users@lists.clamav.net Subject: [clamav-users] WARNING: Your ClamAV installation is OUTDATED! I've been seeing these notifications for the past few hours: WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.97.4 Recommended version: 0.97.5 but the download link at clamav.net still shows: Latest stable release: ClamAV 0.97.4 (signature – ChangeLog) When will the new release be available for download? Thanks, Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://wiki.clamav.net http://www.clamav.net/support/ml http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
-Original message- From: Tomasz Kojm tk...@clamav.net Sent: Wed 08-02-2012 22:25 Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP To: ClamAV users ML clamav-users@lists.clamav.net; On Wed, 8 Feb 2012 11:02:54 +1100 Bill Maidment b...@maidment.vu wrote: I have manually patched 0.97.3, re-compiled, re-installed and restarted clamd, but the ign2 file is still being ignored. [root@stiles clamav]# cat /usr/local/share/clamav/local.ign2 BC.Exploit.CVE_2011_3412 The entry is not complete. The correct one is: BC.Exploit.CVE_2011_3412.{CVE_2011_3412} Thanks for that. I was using the virus name reported by mimedefang. I must remember sigtool to give me the correct name. The fix does work. Cheers Bill Maidment IT Consultant to Elgas Ltd Phone: 02 4294 3649 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
-Original message- From: Ralf Hildebrandt ralf.hildebra...@charite.de Sent: Wed 08-02-2012 00:16 Subject:[clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP To: clamav-users@lists.clamav.net; Hi! I'm trying to disable this signature, since it's giving my FPs for some XLS files (yes, I already submitted it as FP today): mail2:/var/lib/clamav# sigtool --find-sigs=BC.Exploit.CVE_2011_3412 [0001114551.cbc BYTECODE] BC.Exploit.CVE_2011_3412.{CVE_2011_3412};Engine:56-255,Target:0;(01);0:d0cf11e0 a1b11ae1;*:1c000404 mail2:/var/lib/clamav# cat local.ign2 BC.Exploit.CVE_2011_3412.{CVE_2011_3412} BC.Exploit.CVE_2011_3412 CVE_2011_3412 (I tried 3 different ways of disabling the signature) I restarted clamd, but still the mails are stopped as infected: Tue Feb 7 13:33:09 2012 - /var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p004: BC.Exploit.CVE_2011_3412(6988ecb2df20c8d0a4f43ccdc4008136:1782277) FOUND Tue Feb 7 13:33:09 2012 - /var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p002: BC.Exploit.CVE_2011_3412(39fd7b52d5cde9f8599267f1eb0c5aab:1317888) FOUND What am I doing wrong here? Running clamv 0.97.3 It's the same story here. We've had to switch off all bytecode rules in the conf file. Not ideal. Cheers Bill Maidment IT Consultant to Elgas Ltd Phone: 02 4294 3649 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
-Original message- From: Tomasz Kojm tk...@clamav.net Sent: Wed 08-02-2012 09:29 Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP To: clamav-users@lists.clamav.net; On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm tk...@clamav.net wrote: On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt ralf.hildebra...@charite.de wrote: Have you tried that for a bytecode signature? sigtool --find-sigs=BC.Exploit.CVE_2011_3412 doesn't emit a line number. Fields are not seperated with : but with ; The bytecode loader indeed seems to ignore local.ign2, I'm looking into it The problem is now fixed in master 0.97 branches: Thanks Tomasz The patch doesn't line up with 0.97.3 source. Do I have to manually patch that? [root@stiles clamav-0.97.3]# patch -p1 --dry-run ../fix.diff patching file libclamav/readdb.c Hunk #1 succeeded at 1192 (offset -4 lines). Hunk #2 FAILED at 1218. Hunk #3 FAILED at 1388. Hunk #4 succeeded at 1409 (offset -6 lines). Hunk #5 FAILED at 1476. Hunk #6 FAILED at 1484. Hunk #7 succeeded at 1491 with fuzz 2 (offset -6 lines). 4 out of 7 hunks FAILED -- saving rejects to file libclamav/readdb.c.rej [root@stiles clamav-0.97.3]# Cheers Bill Maidment IT Consultant to Elgas Ltd Phone: 02 4294 3649 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
-Original message- From: Bill Maidment b...@maidment.vu Sent: Wed 08-02-2012 09:53 Subject:Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP To: clamav-users@lists.clamav.net; -Original message- From: Tomasz Kojm tk...@clamav.net Sent: Wed 08-02-2012 09:29 Subject: Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP To: clamav-users@lists.clamav.net; On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm tk...@clamav.net wrote: On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt ralf.hildebra...@charite.de wrote: Have you tried that for a bytecode signature? sigtool --find-sigs=BC.Exploit.CVE_2011_3412 doesn't emit a line number. Fields are not seperated with : but with ; The bytecode loader indeed seems to ignore local.ign2, I'm looking into it The problem is now fixed in master 0.97 branches: Thanks Tomasz The patch doesn't line up with 0.97.3 source. Do I have to manually patch that? I have manually patched 0.97.3, re-compiled, re-installed and restarted clamd, but the ign2 file is still being ignored. [root@stiles clamav]# cat /usr/local/share/clamav/local.ign2 BC.Exploit.CVE_2011_3412 [root@stiles clamav]# Wed Feb 8 10:49:39 2012 - /var/spool/MIMEDefang/mdefang-q17NnSa7022557/Work/msg-30733-35.xls: BC.Exploit.CVE_2011_3412 FOUND Cheers Bill Maidment IT Consultant to Elgas Ltd Phone: 02 4294 3649 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)
) [with _BI1 = __gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, std::vectorllvm::SDISelAsmOperandInfo, std::allocatorllvm::SDISelAsmOperandInfo , _BI2 = __gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, std::vectorllvm::SDISelAsmOperandInfo, std::allocatorllvm::SDISelAsmOperandInfo ]’ /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_algobase.h:517: instantiated from ‘_BI2 std::copy_backward(_BI1, _BI1, _BI2) [with _BI1 = __gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, std::vectorllvm::SDISelAsmOperandInfo, std::allocatorllvm::SDISelAsmOperandInfo , _BI2 = __gnu_cxx::__normal_iteratorllvm::SDISelAsmOperandInfo*, std::vectorllvm::SDISelAsmOperandInfo, std::allocatorllvm::SDISelAsmOperandInfo ]’ /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/vector.tcc:257: instantiated from ‘void std::vector_Tp, _Alloc::_M_insert_aux(__gnu_cxx::__normal_iteratortypename std::_Vector_base_Tp, _Alloc::_Tp_alloc_type::pointer, std::vector_Tp, _Alloc , const _Tp) [with _Tp = llvm::SDISelAsmOperandInfo, _Alloc = std::allocatorllvm::SDISelAsmOperandInfo]’ /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_vector.h:610: instantiated from ‘void std::vector_Tp, _Alloc::push_back(const _Tp) [with _Tp = llvm::SDISelAsmOperandInfo, _Alloc = std::allocatorllvm::SDISelAsmOperandInfo]’ llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:5346: instantiated from here /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/bits/stl_algobase.h:408: warning: lowering visibility of ‘static _BI2 std::__copy_backward_BoolType, std::random_access_iterator_tag::copy_b(_BI1, _BI1, _BI2) [with _BI1 = llvm::SDISelAsmOperandInfo*, _BI2 = llvm::SDISelAsmOperandInfo*, bool _BoolType = false]’ to match its type CXXSelectionDAGISel.lo SKIP: check_clamav PASS: check_freshclam.sh PASS: check_sigtool.sh SKIP: check_unit_vg.sh PASS: check1_clamscan.sh PASS: check2_clamd.sh PASS: check3_clamd.sh PASS: check4_clamd.sh SKIP: check5_clamd_vg.sh SKIP: check6_clamd_vg.sh SKIP: check7_clamd_hg.sh SKIP: check8_clamd_hg.sh SKIP: check9_clamscan_vg.sh == All 6 tests passed (7 tests were not run) == Cheers Bill Maidment Consultant to Elgas Ltd ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV
-Original message- You can help by testing (or just running ./configure make check) the latest code available in our Git repository - the latest snapshot tarball can be grabbed here: ./configure gives the Warning message checking for CVE-2010-0405... bugged configure: WARNING: ** bzip2 libraries are affected by the CVE-2010-0405 bug configure: WARNING: ** We strongly suggest you to update bzip2 configure: WARNING: ** Please do not report stability problems to the ClamAV developers! I am running on RHEL 6 Beta2 and the version of bzip2 is: bzip2-1.0.5-6.1.el6.x86_64 I would have thought RedHat would have fixed their version of bzip2. How does ./configure check bzip2? Is it just by version number? Cheers Bill Maidment Consultant to Elgas Ltd Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV
-Original message- You can help by testing (or just running ./configure make check) the latest code available in our Git repository - the latest snapshot tarball can be grabbed here: http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;s f=tgz make check reports several errors for RHEL 6 Beta2. See attached log file. Cheers Bill Maidment Consultant to Elgas Ltd Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon?___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] OT: best ClamAV changelog entry
-Original message- To: clamav-users@lists.clamav.net; From: G.W. Haywood g...@jubileegroup.co.uk Sent: Thu 07-10-2010 23:41 Subject:Re: [Clamav-users] OT: best ClamAV changelog entry Hi there, On Thu, 7 Oct 2010 Steve Basford wrote: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=42ab31d897c0d67b89467 cfe34532c8b421d2c95 Bought the wife some neodymium magnets for her birthday, but I didn't even know you could get that sort. Maybe next birthday. :) -- 73, Ged. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml Lovely. My wife didn't appreciate them either. Cheers Bill Maidment Consultant to Elgas Ltd Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] No debian woody support anymore?
Simon, Mark, Are you ever going to get over it and move on? If you are unhappy with ClamAVs decision take your bat and ball and go to some other ball park. Here. Here! Enough is enough! There are more important things to consider. Do I take tea, or coffee? One lump, or two? Have a nice day. Bill Maidment Consultant to Elgas Ltd It's important to keep your rough edges - Neil Hannon ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] clamav-0.95.3 fails to compile in Fedora 10
Hi The new 0.95.3 fails to compile in Fedora 10, but does compile OK in Fedora 11. The Git snapshot does compile in Fedora 10, so obviously it has been fixed there. Will a 0.95.3.1 release be imminent? Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] clamav-0.95.3 fails to compile in Fedora 10
Hi The new 0.95.3 fails to compile in Fedora 10, but does compile OK in Fedora 11. The Git snapshot does compile in Fedora 10, so obviously it has been fixed there. Will a 0.95.3.1 release be imminent? Cheers Bill This is on a 64 bit machine. Compile error details: libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib64\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF .deps/libclamav_la-matcher-bm.Tpo -c matcher-bm.c -fPIC -DPIC -o .libs/libclamav_la-matcher-bm.o In file included from matcher.h:29, from others.h:22, from matcher-bm.c:30: others.h: In function cli_getpagesize: others.h:363: error: _SC_PAGESIZE undeclared (first use in this function) others.h:363: error: (Each undeclared identifier is reported only once others.h:363: error: for each function it appears in.) make[4]: *** [libclamav_la-matcher-bm.lo] Error 1 -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamav-0.95.3 fails to compile in Fedora 10
On Thu, 29 Oct 2009 09:55:15 - (GMT), Steve Basford wrote Hi same Error on FreeBSD 4.10 This fix was added yesterday, so that might be the issue: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=e889924a70e881e0d74ade2b53b5255b94523161 ie: unistd.h - standard symbolic constants and types: (int getpagesize(void); (LEGACY)) Cheers, Steve Sanesecurity ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml Yep. That did the trick. (I wonder why Fedora 11 didn't have the issue???) Anyway thanks for the input. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Australian Bush Fires
On Sun, 8 Feb 2009 11:40:47 + (GMT), G.W. Haywood wrote Hi guys, On Sun, 8 Feb 2009 Bill Maidment wrote: [religious claptrap snipped] Please take the religion somewhere else, this is the 21st century. Oh what a sad society we live in, that no one cares about the suffering of our fellow human beings. Is the clamav community so callous? God help you. Goodbye -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Australian Bush Fires
I'm sorry to hijack this thread, but I wish there was some way to avert the bush fire tragedies that are happening in Australia today. 49 people have lost their lives (and probably many more as complete townships have been wiped out). 650 homes are known to have been destroyed bu fire in the state of Victoria alone. While spam/viruses are responsible for a great deal of human suffering, please spare a few prayers for those suffering from the bushfire tragedies in Australia. I thank this community for it's fight against spam/viruses; it is greatly appreciated. Please spare a few thoughts for those families who have lost loved ones today. Regards Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 k ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Australian Bush Fires
Guys I make no more apologies. It's getting worse. 65 are now confirmed dead. 700 properties destroyed. I know you cannot help practically, just as we felt unable to help at 9/11 Keep praying. Regards VBill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Australian Bush Fires
On Sun, 8 Feb 2009 10:11:52 +0300, Odhiambo Washington wrote On Sun, Feb 8, 2009 at 9:38 AM, Bill Maidment b...@maidment.vu wrote: I'm sorry to hijack this thread, but I wish there was some way to avert the bush fire tragedies that are happening in Australia today. 49 people have lost their lives (and probably many more as complete townships have been wiped out). 650 homes are known to have been destroyed bu fire in the state of Victoria alone. While spam/viruses are responsible for a great deal of human suffering, please spare a few prayers for those suffering from the bushfire tragedies in Australia. I thank this community for it's fight against spam/viruses; it is greatly appreciated. Please spare a few thoughts for those families who have lost loved ones today. I'm sorry for the families that have lost loved ones. One thing worries me though: These bush fires are like an epidemic in Oz, that has no cure? Every year I hear about the bush fires in Oz, much like an epidemic without medicine. Oz govt can create fire barriers around places inhabited by people, no? Then there are the California fires. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ The only time a woman really succeeds in changing a man is when he is a baby. - Natalie Wood ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml So no one has the solution, except God. Pray. Pray. Pray. To Him. We pray when you have issues. God answers. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
On Thu, 16 Oct 2008 17:41:50 -0700, John Rudd wrote Tomasz Kojm wrote: Freshclam also submits information about detections with 3rd party signatures. We only have one host in our environment that does freshclam (or any of the other virus signature update mechanisms). Same here. Also with this setup we get logwatch warning messages as follows: - clam-update Begin No updates detected in the log for the freshclam daemon (the ClamAV update process). If the freshclam daemon is not running, you may need to restart it. Other options: A. If you no longer wish to run freshclam, deleting the log file (default is freshclam.log) will suppress this error message. B. If you use a different log file, update the appropriate configuration file. For example: echo LogFile = log_file /etc/logwatch/conf/logfiles/clam-update.conf where log_file is the filename of the freshclam log file. C. If you are logging using syslog, you need to indicate that your log file uses the syslog format. For example: echo *OnlyService = freshclam /etc/logwatch/conf/logfiles/clam-update.conf echo *RemoveHeaders /etc/logwatch/conf/logfiles/clam-update.conf -- clam-update End - In spite of following the suggestions, these message still come out every day. We are not running clamd on this server. Could it be that logwatch is checking for something produced by clamd instead of freshclam? -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu One-armed Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Outdated Engine warning suppress
On Wed, 15 Oct 2008 13:00:07 +0100, clamav-users-bounces wrote I'm running Debian in a production environment, I cannot afford using the volatile repository, meaning that my engine will always be outdated. I too run in a Production environment, and I cannot afford NOT to use the volatile repository. That's the nature of Spam/Viruses. It's a volatile world. Live with it. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu One-armed Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Webinar Recording
On Mon, 08 Sep 2008 12:53:48 +0100, Nigel Horne wrote Folks, Edwin's Webinar given last week on the topic of 0.94 is now available for download from https://sourcefire.webex.com/sourcefire/lsr.php?AT=pbSP=ECrID=12075182rKey=51C99713B66EECED So how do I play the .arf in Fedora 9 ? -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu One-armed Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Webinar Recording
On Mon, 08 Sep 2008 17:39:16 -0700, Dennis Peterson wrote Bill Maidment wrote: On Mon, 08 Sep 2008 12:53:48 +0100, Nigel Horne wrote Folks, Edwin's Webinar given last week on the topic of 0.94 is now available for download from https://sourcefire.webex.com/sourcefire/lsr.php?AT=pbSP=ECrID=12075182rKey=51C99713B66EECED So how do I play the .arf in Fedora 9 ? Use VMPlayer to run a Windows virtual machine in Fedora. I'm not buying Windoze just to watch the webinar. Think again. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu One-armed Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Webinar Recording
On Mon, 08 Sep 2008 20:23:20 -0700, Dennis Peterson wrote It was humor. I think Windows-centric presentations are kinda sucky. I use a Mac so had no problems but would not have been able, so far as I know, to see it from the office where I have only Unix. A smiley or two might have given me a hint ;-) 8-) -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu One-armed Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] announcing ClamAV 0.94rc1
On Tue, 19 Aug 2008 13:51:37 +0100 (BST), G.W. Haywood wrote Hi there, On Tue, 19 Aug 2008 Brian Morrison wrote: On Mon, 18 Aug 2008 10:59:29 +0100 G.W. Haywood wrote: On Mon, 18 Aug 2008, Luca Gibelli wrote: ... release candidate for 0.94. I started to download it, but when I saw that it was going to be just under 20 megabytes I cancelled it. Well it's not *that* big! My point was that it's ten times as big as it should be and apparently it's growing without bound. This is because it contains a database, which is of course probably a useless copy of the one already on the machine which will be running the new version of clamav. If it isn't, that's most probably because it's out of date, and it will be deleted. It's insane. I agree with the sentiment, but it's not quite insane. I think it is quite reasonable to provide a complete package that will give reasonable protection straight out of the box. Perhaps we could have two versions; one with a recent database, and one with an empty database. Then let the user decide which he requires. Cheers and thank for all the hard work. Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.93.1RC1
On Wed, 28 May 2008 15:08:28 +0100, Nigel Horne wrote Dear All, As you may have seen, the first release candidate of 0.93.1 was published earlier this week. We welcome any feedback and bugs on this RC prior to the release of 0.93.1, which is currently scheduled for 6th June. It doesn't matter if you don't have a test environment, you can still help us for example by downloading the release candidate and checking it compiles on your system even if you don't install it; we particularly welcome reports on platform compatibility. Compiled OK and is now running on Fedora 8 9 64-bit Athlon/Opteron machines. Good work. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Request for Testing
On Mon, 17 Mar 2008 17:24:16 +0100, Tomasz Kojm wrote Dear ClamAV users, It's *very* important for us to get your feedback about the changes in 0.93RC1. It's the best time to report any problems with this RC so they can get fixed before the final release! Hi Tomasz Thanks for all your hard work. I have been running 0.93rc1 since 5th March on AMD X2 64-bit machines with no ill effects. It was fortuitous that you changed the config parameter names, as it forced me to review my existing settings and I found a few mistakes. Thanks again Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Off-site consultant to Elgas Ltd Phone: 02 9904 3364 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] What's this? I can't believe it!
On Sun, 20 Jan 2008 07:25:32 -0500, Gerard wrote On Sun, 20 Jan 2008 11:47:57 + (GMT) G.W. Haywood [EMAIL PROTECTED] wrote: [snip] My personal policy is to delete all files which have names ending in .exe, and I suggest that everyone should consider that approach. Why? On a none Win32 machine, the chance of such a file causing problems is nil and on a Win32 machine using such a 'scorched earth' policy would prove catastrophic. It would seem far wiser to simply refuse such files from users you are not acquainted with and properly screen such files from users who are familiar to you. Just my 2¢. -- Gerard [EMAIL PROTECTED] I am just a nice, clean-cut Mongolian boy. Yul Brynner, 1956 I prefer a scorched earth to a scorched ass! Especially with a server that is trying to protect Winoze users from their own stupidity. There are far too many users who will gladly click on anything if you tell them to. The default mimedefang filter flags almost all known executable suffixes as suspicious. If someone must send an executable file, then ask them to obfuscate the suffix according to a known plan. e.g. using fyf instead of exe And don't think you can simply zip the file, because mimedefang unzips before checking the file suffix. Just my AUD 2c + GST -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Off-site consultant to Elgas Ltd ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] How to increase freshclam's log file limit
On Mon, 21 Jan 2008 15:32:59 +1100, James Brown wrote My freshclam.log only shows entries like: Log size = 11242653, max = 1048576 LOGGING DISABLED (Maximal log file size exceeded). How can I increase the max log file size? Try putting something like this in /etc/logrotate.d/freshclam (or wherever). This will will stop it getting too big. /var/log/freshclam.log { missingok notifempty sharedscripts postrotate /etc/init.d/freshclam restart /dev/null 21 || true endscript } -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu Off-site consultant to Elgas Ltd ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Updated unofficial signatures download script
On Fri, 07 Sep 2007 12:54:52 -0700, Bill Landry wrote Folks, I just posted an update of my unofficial-sigs.sh script to my FTP server. It can be downloaded from: ftp://ftp.inetmsg.com/pub/unofficial-sigs.sh I tried to down load, but I get: An FTP protocol error occurred while trying to retrieve the URL: ftp://ftp.inetmsg.com/pub/unofficial-sigs.sh Squid sent the following FTP command: PASS yourpassword and then received this reply OOPS: reading non-root config file Your cache administrator is root What's wrong? Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav 0.91.2 is out. Don't use it.
On Tue, 21 Aug 2007 04:53:28 -0700, John Rudd wrote It has a dangerous (lack of) value for CL_SCAN_STDOPT. You're better off not upgrading until they fix it. (filed as bug 631, but it's nothing new: CL_SCAN_STDOPT still doesn't include CL_SCAN_PHISHING_DOMAINLIST; that omission can cause crashing and hanging on certain platforms ... the clamav team already knows about this problem, and they even enable that option as a default in clamscan, just not in the CL_SCAN_STDOPT defined value ... my suggestion is to not upgrade until they release a version that fixes this problem) Does this problem exist in 0.91.1 ? If so then upgrading to 0.91.2 will not make things worse! -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-0.90.2 crashes - solved
On Tue, 17 Apr 2007 08:01:28 -0700, Dennis Peterson wrote Bill Maidment wrote: Guys A couple of days ago I reported clamav crashing on my 64 bit machine. It turns out that the fc5/fc6 rpms for xen kernels 2.6.20 are *all* broken. Backtracking to the 2.6.19-1.2911 kernel solved it. Sorry for the noise. So it sounds like a problem with the rpm, not ClamAV. Did you try building from source? It's the kernel-xen rpms that are faulty, nothing wrong with clamav (which I alsways build from source). Building kernel-xen from source is something I don't have time for. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav-0.90.2 crashes - solved
Guys A couple of days ago I reported clamav crashing on my 64 bit machine. It turns out that the fc5/fc6 rpms for xen kernels 2.6.20 are *all* broken. Backtracking to the 2.6.19-1.2911 kernel solved it. Sorry for the noise. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] *.cvd again!
On Thu, 12 Apr 2007 12:20:17 +0200, Tomasz Kojm wrote On Thu, 12 Apr 2007 11:57:12 +0200 Guillermo Gómez Valcárcel [EMAIL PROTECTED] wrote: I have the same symptoms. I wrote my symptoms in another post with subject: ERROR: reload db failed: Broken or not a CVD file http://lurker.clamav.net/message/20070411.175950.b7329d9f.en.html Guys I've been following the list on this problem and I believe that we may be barking up the wrong tree. My set up is clamav 0.90.1 but I retrieve the .cvd files into a central server. One mail server (i386) retrieved the .cvd files OK from that server, but the other server (x86_64) failed to retrieve exactly the same .cvd file and shut down the clamd service. Log files for all servers attached. I think there is a bug in clamav, which for me showed up in the x86_64 compile but not the i386 compile. Well that's my view on it. At least it's made me set up clamdwatch. I hope this helps us. Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] *.cvd again! attachment fixed
On Thu, 12 Apr 2007 12:20:17 +0200, Tomasz Kojm wrote On Thu, 12 Apr 2007 11:57:12 +0200 Guillermo Gómez Valcárcel [EMAIL PROTECTED] wrote: I have the same symptoms. I wrote my symptoms in another post with subject: ERROR: reload db failed: Broken or not a CVD file http://lurker.clamav.net/message/20070411.175950.b7329d9f.en.html Guys I've been following the list on this problem and I believe that we may be barking up the wrong tree. My set up is clamav 0.90.1 but I retrieve the .cvd files into a central server. One mail server (i386) retrieved the .cvd files OK from that server, but the other server (x86_64) failed to retrieve exactly the same .cvd file and shut down the clamd service. Log files for all servers attached. I think there is a bug in clamav, which for me showed up in the x86_64 compile but not the i386 compile. Well that's my view on it. At least it's made me set up clamdwatch. I hope this helps us. Cheers Bill Seems the attachment has a problem, so here it is in stream: Central Server picks up updates from database.clamav.net = Received signal: wake up ClamAV update process started at Wed Apr 11 20:16:22 2007 Connecting via squid main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Connecting via squid Downloading daily.cvd [100%] daily.cvd updated (version: 3066, sigs: 3294, f-level: 14, builder: arnaud) Database updated (107794 signatures) from database.clamav.net -- Received signal: wake up ClamAV update process started at Wed Apr 11 20:31:28 2007 Connecting via squid main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Connecting via squid Downloading daily.cvd [100%] daily.cvd updated (version: 3067, sigs: 3376, f-level: 14, builder: ccordes) Database updated (107876 signatures) from database.clamav.net -- Internal Server (i386) picks up update from Central Server = Received signal: wake up ClamAV update process started at Wed Apr 11 20:41:02 2007 Connecting via squid main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Connecting via squid Downloading daily.cvd [100%] daily.cvd updated (version: 3067, sigs: 3376, f-level: 14, builder: ccordes) Database updated (107876 signatures) from camera1.maidment.vu -- Received signal: wake up ClamAV update process started at Wed Apr 11 20:56:02 2007 Connecting via squid main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Connecting via squid daily.cvd is up to date (version: 3067, sigs: 3376, f-level: 14, builder: ccordes) -- Received signal: wake up ClamAV update process started at Wed Apr 11 21:11:02 2007 Connecting via squid main.cvd is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Connecting via squid daily.cvd is up to date (version: 3067, sigs: 3376, f-level: 14, builder: ccordes) -- Internal Server (x86_64) detects database change Apr 11 19:12:04 mail7 clamd[31984]: SelfCheck: Database status OK. Apr 11 19:46:06 mail7 clamd[31984]: SelfCheck: Database status OK. Apr 11 20:21:17 mail7 clamd[31984]: SelfCheck: Database status OK. Apr 11 21:05:56 mail7 clamd[31984]: SelfCheck: Database modification detected. Forcing reload. Apr 11 21:05:56 mail7 clamd[31984]: Reading databases from /usr/local/share/clamav Apr 11 21:05:58 mail7 clamd[31984]: reload db failed: MD5 verification error Apr 11 21:05:58 mail7 clamd[31984]: Terminating because of a fatal error. Apr 11 21:06:00 mail7 clamd[31984]: Socket file removed. Apr 11 21:06:00 mail7 clamd[31984]: --- Stopped at Wed Apr 11 21:06:00 2007 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav log file mystery on 0.90.1
Hi I have a small mystery on file permissions for the clamav log file. I am running clamd through mimedefang (user defang) and so in /etc/group I have: defang:x:2504: clamav:x:2505:clamav,defang and the log file has: -rw-rw 1 clamav clamav 35736 Mar 6 15:13 /var/log/clam-update.log But, I get the following when I start clamd Starting clamd: Running as user defang (UID 2504, GID 2504) ERROR: Can't open /var/log/clam-update.log in append mode (check permissions!). ERROR: Problem with internal logger. Please check the permissions on the /var/log/clam-update.log file. [FAILED] When I change the permissions on /var/log/clam-update.log to 0666 it works OK. This error has only occurred since I updated from 0.88.7 to 0.90.1 Any ideas on what I have got wrong? Or is this a new feature? Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamav log file mystery on 0.90.1
On Wed, 14 Mar 2007 23:45:05 GMT, Mark wrote -Original Message- Did you put this in its new format? (with booleans). AllowSupplementaryGroups true Ah! The new feature :-) I missed that. Thanks. All working well now. -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Can't open directory /var/db/clamav/daily.inc
On Thu, 1 Mar 2007 11:04:01 -0800 (PST), Zivago Lee wrote On Thursday March 01, 2007 at 12:45:20 (PM) John W. Baxter wrote: The way our system operates, we learned of the problem well after the 700 permissions were set up, when I restarted our mail processing system for another reason. (We run two processing systems per machine--handling submitted mail and handling incoming-from-the-world mail, each under its own user, so 700 is difficult for us.) You might be able to script something to check the permissions and change them if they are not what you expected. Probably running it via CRON would take care of the problem. I was looking at the freshclam.conf file and I see this: #OnUpdateExecute command Maybe we can put in 'chmod 755' on the directory once it runs an update... Any thoughts? That's what I have been doing. And it works if you remember to take out the hash ;-) Cheers -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Fw: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90
I received this from the mimedefang list and I've applied the patch. Now pdfs can be sent and received OK. This is only a workaround, but it may help others until it gets sorted out. Cheers Bill -- Forwarded Message --- From: Martin Blapp [EMAIL PROTECTED] To: mimedefang@lists.roaringpenguin.com Sent: Sat, 17 Feb 2007 08:39:19 +0100 (CET) Subject: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90 Hi David, If you use mimedefang 2.61 and clamd 0.90 together you will soon notice a lot of errors in your maillog: Feb 15 19:05:45 filter1 mimedefang.pl[80173]: l1FI5gps090153: Clamd returned error: Zip module failure For this kind of error we have a fallback to clamscan in your config files. Unfortunalty the fallback doesn't work anymore, because the clamav folks have removed the --mbox option. And I found other mails failing with this error: Feb 16 21:34:18 filter1 mimedefang.pl[80173]: l1GKY0OX024228: Clamd returned error: Not supported data format Nice. After adding Not supported data format to the zip regex, the mails were checked sucessfully by clamscan instead of tempfailing. I guess we need this workaround too. Martin --- mimedefang.pl.in.orig Thu Jan 18 15:43:12 2007 +++ mimedefang.pl.inSat Feb 17 08:29:06 2007 @@ -3669,7 +3669,7 @@ # Run clamscan my($code, $category, $action) = - run_virus_scanner($Features{'Virus:CLAMAV'} . --mbox --stdout --disable-summary --infected $path 21); + run_virus_scanner($Features{'Virus:CLAMAV'} . --stdout --disable-summary --infected $path 21); if ($action ne 'proceed') { return (wantarray ? ($code, $category, $action) : $code); } @@ -3693,7 +3693,7 @@ # Run clamscan my($code, $category, $action) = - run_virus_scanner($Features{'Virus:CLAMAV'} . -r --mbox --stdout --disable-summary --infected ./Work 21); + run_virus_scanner($Features{'Virus:CLAMAV'} . -r --stdout --disable-summary --infected ./Work 21); if ($action ne 'proceed') { return (wantarray ? ($code, $category, $action) : $code); } @@ -4506,10 +4506,10 @@ md_syslog('err', $MsgID: Clamd returned error: $err_detail); # If it's a zip module failure, try falling back on clamscan. # This is despicable, but it might work - if ($err_detail =~ /zip module failure/i + if ($err_detail =~ /(?:zip module failure|Not supported data format)/i $Features{'Virus:CLAMAV'}) { my ($code, $category, $action) = - run_virus_scanner($Features{'Virus:CLAMAV'} . -r --unzip --mbox --stdout --disable-summary --infected $CWD/Work 21); + run_virus_scanner($Features{'Virus:CLAMAV'} . -r --unzip --stdout --disable-summary --infected $CWD/Work 21); if ($action ne 'proceed') { return (wantarray ? ($code, $category, $action) : $code); } @@ -4603,10 +4603,10 @@ md_syslog('err', $MsgID: Clamd returned error: $err_detail); # If it's a zip module failure, try falling back on clamscan. # This is despicable, but it might work - if ($err_detail =~ /zip module failure/i + if ($err_detail =~ /(?:zip module failure|Not supported data format)/i $Features{'Virus:CLAMAV'}) { my ($code, $category, $action) = - run_virus_scanner($Features{'Virus:CLAMAV'} . -r --unzip --mbox --stdout --disable-summary --infected $CWD/Work 21); + run_virus_scanner($Features{'Virus:CLAMAV'} . -r --unzip --stdout --disable-summary --infected $CWD/Work 21); if ($action ne 'proceed') { return (wantarray ? ($code, $category, $action) : $code); } Martin Blapp, [EMAIL PROTECTED] [EMAIL PROTECTED] -- ImproWare AG, UNIXSP ISP, Zurlindenstrasse 29, 4133 Pratteln, CH Phone: +41 61 826 93 00 Fax: +41 61 826 93 01 PGP: finger -l [EMAIL PROTECTED] PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E -- --- End of Forwarded Message --- -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang --- mimedefang.pl.in.orig Thu Jan 18 15:43:12 2007 +++ mimedefang.pl.inSat Feb 17 08:29:06 2007 @@ -3669,7 +3669,7 @@ # Run clamscan my($code, $category, $action) = - run_virus_scanner($Features{'Virus:CLAMAV'} . --mbox --stdout --disable-summary --infected $path 21
Re: [Clamav-users] Re: pdf zip module failure
On Fri, 16 Feb 2007 15:56:48 +, Ian Abbott wrote On 15/02/2007 04:23, Bill Maidment wrote: Hi again I'm using clamav-0.90 with mimedefang-2.61, spamassassin-3.1.7 and sendmail-8.14.0 I'm now getting errors as follows: /var/spool/MIMEDefang/mdefang-l1DD1Lfh016597/Work/msg-15039-625.pdf: Zip module failure ERROR This used to happen in clamav-0.88.3 Has the bug been re-introduced? Or should I be looking elsewhere? PDF scanning is new in 0.90, so it won't be the same bug. Maybe you should submit a bug report with a sample PDF file. It sounds similar to bug #43 on clamav's bugzilla, but that is supposedly fixed. Maybe this is a new bug. Thanks for the response. How do you switch off pdf scanning, so I can get the the pdf in. Then I'll be able to post it with a bug report. (That's if they send me another pdf). Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] freshclam with clamav0.90
Thanks guys for the great new release. It's working well. The change to the new parameter style was easy and is now more logical. The change to diffs for the daily cvd is good, but it has caused me a problem. I used to run a single freshclam server to download from the mirrors, and then all the other servers and clamwin users download from that server. This still works if I have ScriptedUpdates off, but doesn't work with ScriptedUpdates on. Is there a way to create diff files on my download server? Or is there a better way to handle this? Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] pdf zip module failure
Hi again I'm using clamav-0.90 with mimedefang-2.61, spamassassin-3.1.7 and sendmail-8.14.0 I'm now getting errors as follows: /var/spool/MIMEDefang/mdefang-l1DD1Lfh016597/Work/msg-15039-625.pdf: Zip module failure ERROR This used to happen in clamav-0.88.3 Has the bug been re-introduced? Or should I be looking elsewhere? Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav-0.90rc3 on FC6/x86_64
Hi Guys I've downloaded and compiled OK on an FC6/i386 machine, but cannot compile on FC6/x86_64 machines because it compains about /ust/lib/libidn.so being missing. Putting a link to /usr/lib/libidn.so.11.5.16 didn't work either. Finally, in desperation, I did ln -s /usr/lib64/libidn.so.11.5.16 /usr/lib/libidn.so and it compiles and works if you get this email. Is there a bug in the configure? Cheers Bill -- Bill Maidment Maidment Enterprises Pty Ltd www.maidment.vu ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] OT: American date format (was: [EMAIL PROTECTED])
Jerry K wrote: All Americans is a pretty broad finger to point. North America alone consist of Canada, the US and Mexico. I think that you should limit your frustration to the US alone. Jerry K He! He! Where I come from Americans = US (both Yankees and southerners). Mexicans, Canadians, Argies (that lot we had a small war with), etc. are all referenced by their approximate real name. We could start another flame war on this topic alone :-) BTW I believe a more classical date format is the Ides of March which relates to how I would say a date e.g. The 20th of January in the year of our Lord 2005 ;-) Enough. Enough., I hear everyone cry! Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. Web Site http://www.maidment.com.au ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] [EMAIL PROTECTED] undetected
Christopher X. Candreva wrote: On Thu, 19 Jan 2006, Gerard Seibert wrote: Thomas Hochstein [EMAIL PROTECTED] Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the advisories I read. I believe that, that definition was only added on the 18th. On 2/16 and Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 . -Chris That all depends on your time zone. EST in Australia may be different to EST somewhere else. Let's not get into a fight over this. Cheers (this English beer tastes soo good) Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. Web Site http://www.maidment.com.au ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] [EMAIL PROTECTED] undetected
Bill Maidment wrote: Christopher X. Candreva wrote: On Thu, 19 Jan 2006, Gerard Seibert wrote: Thomas Hochstein [EMAIL PROTECTED] Worm.VB-8 is ClamAV's name for [EMAIL PROTECTED], according to the advisories I read. I believe that, that definition was only added on the 18th. On 2/16 and Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 . -Chris That all depends on your time zone. EST in Australia may be different to EST somewhere else. Let's not get into a fight over this. Cheers (this English beer tastes soo good) Bill Sorry to reply to my own email, but I just noticed that the earlier poster is in a time zone a month ahead of the rest of us :-) I presume that 2/16 and 2/17 should have been 16th and 17th JANUARY. (I still don't understand why the Americans put the month in front of the day -- it makes no logical sense other than to be different from/than everyone else). Have a nice day .. uuuggghhh Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. Web Site http://www.maidment.com.au ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] [EMAIL PROTECTED] undetected
Christopher X. Candreva wrote: On Thu, 19 Jan 2006, Bill Maidment wrote: Not true. The first VB-8 I have logged is from 11:53 EST on Jan 17 . That all depends on your time zone. EST in Australia may be different to EST somewhere else. Let's not get into a fight over this. I mean GMT-0500 . I wasn't aware there were any overlaping zone abbreviations. Now GMT I understand ;-) What does EST mean - Eastern Standard Time, English Snooze Time, Emergency Summer Time? Cheers from EST which in Australia means GMT+10 hours in the Winter and GMT+11 hours in the summer, but varies depending on which state you're in. (My state is oh dear I need another beer). Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. Web Site http://www.maidment.com.au ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav doubt
Richard Pijnenburg wrote: Hi, This question is one of many :) Like the warning says: Local version: 0.87 Recommended version: 0.87.1 Just install the new version. Clovis Tristao wrote: Hi, I'm update Clamav using /etc/cron.d/clamav-update or freshclam, but appears this message ClamAV update process started at Tue Nov 8 10:26:12 2005 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.87 Recommended version: 0.87.1 DON'T PANIC! Read http://www.clamav.net/faq.html What's happening, because I update the system: clamav-0.87-1.fc5 clamav-update-0.87-1.fc5 clamav-data-0.87-1.fc5 clamav-lib-0.87-1.fc5 I'm read the http://www.clamav.net/faq.html, but not found any solution. Thanks any help, Clóvis 1. Don't top post. 2. Looks like he did update to 0.87-1 but not successfully. 3. What is fc5 A typo? Or am I that far out of date? 4. I think he is confusing signature update with package update. 5. I'm confused. It's been a lng day. Cheers Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav doubt
q# wrote: On Tue, Nov 08, 2005 at 10:33:52AM -0200, Clovis Tristao wrote: Hi, I'm update Clamav using /etc/cron.d/clamav-update or freshclam, but appears this message ClamAV update process started at Tue Nov 8 10:26:12 2005 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.87 Recommended version: 0.87.1 DON'T PANIC! Read http://www.clamav.net/faq.html What's happening, because I update the system: clamav-0.87-1.fc5 clamav-update-0.87-1.fc5 clamav-data-0.87-1.fc5 clamav-lib-0.87-1.fc5 0.87-1 != 0.87.1-1 Doh! Attention to detail. Nice catch. -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: cvd timestamps question
G.W. Haywood wrote: All I'm saying is that there aren't exactly 86400 seconds in a day, so please don't be confused when you do the arithmetic and get an answer which differs from the one that your OS gives you (whatever it is:). And then there's Micro$oft I display the date/time on my website based on the user's clock - just for fun. Internet Exploder insists that the year is 3905. Buggered if I'm going to code for their time warps. Cheers Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Common Malware Enumeration
Daniel J McDonald wrote: Since the so-called major players are supposedly on board with this, will we see clamav providing input to this project? http://www.eweek.com/article2/0,1895,1862251,00.asp Frankly, it seems pretty hokey to me... I say, everyone do their own thing. Whoever choses the catchiest name wins. Let's keep these mail admins on their toes. It's so much more fun that way. Cheers Email Admin for whoever. -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: Fwd: [Clamav-users] Re: which scans mail
rick pim wrote: Bart Silverstrim writes: CAN SOMEONE PLEASE UNSUBSCRIBE HIM? Maybe permanently?... After the 15th time, I really start to hate those @#$%! OoO replies... 15? wow. i fly into a rage with the first. probably bad for my blood pressure. Just send a message or 50 to the [EMAIL PROTECTED] address given. That relieved ny stress, in fact it gave me great pleasure ;-) -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.85 0.81.1 tha same troubles with milter
Sergey wrote: Hello Kritof, KP # grep User /etc/clamd.conf KP User clamav Shouldn't the conf files be in /usr/local/etc/ ??? That's how it works for me and my log file is owned by clamav Cheers Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.85 0.81.1 tha same troubles with milter
Dennis Peterson wrote: Bill Maidment said: Sergey wrote: Hello Kritof, KP # grep User /etc/clamd.conf KP User clamav Shouldn't the conf files be in /usr/local/etc/ ??? That's how it works for me and my log file is owned by clamav That is dependant upon who built the binaries and the choices they made when doing so. If this were standardized there would be fewer instances of multiple versions of libs, executables, and config files installed on systems. As a minimum, packagers should describe in their docs where things go. My guess is most noobies would still not read it, but those who try to debug the mess they have would have another tool to work with. Agreed. Interestingly, it made me look at my setup again and, because I run Mimedefang, I have User defang in my clamd.conf clamav belongs to group defang and the log file permissions are 0660 clamav.clamav yet it still works on every clamav version including 0.85 and 0.85.1 My brain hurts. The lesson to learn is: know your system and don't trust packagers. I build clamav from source using default configure (even though I'm running Fedora 3.) -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Submitting a virus file
Trog wrote: We are, of course, also looking for people to volunteer to become sig makers. Assuming that they have the time and the relevant skills. -trog Excellent idea, trog. If you can let me know what has to be done, I'd love to help making sigs. Cheers Bill -- What's the difference between Linux and Windoze? Linux - Thousands of programmers are working *WITH*you. Windoze - Thousands of programmers are working *AGAINST* you. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Tool to upgrade
Matt Fretwell wrote: Management|customers pay the wages. They don't need to know the specifics. Nor, in all honesty, should they. As long as they have a cosy little flow chart to keep them amused and happy, and a running and working system, that is all they need to know. And no, it doesn't surprise me. I keep all my customers updated from afar. They never know I have upgraded their systems unless I impart that knowledge to them. I charge to do a job. The specifics of that job are then no longer the customers concern. That is the purpose of contracting|employing someone to do the job. They do not want the hassle themselves. So yes, I do know the problems of a professional environment. And, although it goes down like a lead brick on occasion, I have a simple response and attitude. My way or find someone else. We are paid to do a job, and I am including myself in this statement. Pussyfooting is not a service I offer, however. Absolutely brilliant. Do you mind if I quote this? -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Version 0.83
Moritz Winterberg wrote: Hi, I just subscribed to the list, so forgive me if this question has already been answered. When executing freshclam I get a notice telling me to update to clamav Version 0.83. I'm running 0.82 which looking at the web seems to be the latest version ? What does this mean ? It means the web site administrator has made a mistake. There is an 0.83 if you click on 0.82 -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Re: [Clamav-announce] announcing ClamAV 0.83
Damian Menscher wrote: On Mon, 14 Feb 2005, Bill Maidment wrote: Why didn't I get the announcement? I got all the replies!!! Read the archive of this list back when 0.82, 0.81, 0.80, 0.75.1, 0.75, or any other release was announced. Then subscribe to the clamav-announce list. Damian Menscher I DID! Still nothing!!! -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Re: [Clamav-announce] announcing ClamAV 0.83
Alex S Moore wrote: It was on the announce mailing list. I do not think, at that time, it was posted to the users mailing list. Read my follow-up post about an hour ago. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Re: [Clamav-announce] announcing ClamAV 0.83
Alex S Moore wrote: [EMAIL PROTECTED] wrote: and where might one find this new ClamAV 0.83? there's no link to it that i can find on clamav.net, nor any mention of it at all. most recent news is for 0.82. Dive into the 0.82 link to get to the page on sourceforge. 0.83 is there. Alex ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Why didn't I get the announcement? I got all the replies!!! -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.82 out?
Brian Morrison wrote: On Mon, 07 Feb 2005 17:48:08 +0900 in [EMAIL PROTECTED] alan premselaar [EMAIL PROTECTED] wrote: That's what I do... and it's so low-traffic that it's non obtrusive. subsequently, that's how I knew about the 0.82 release as quickly as I did. Quite. You eventually find out on the users list anyway ;-) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] initial configure
Arkady V.Belousov wrote: Hi! Firstly buy me devocote for them. :) I was thinking, buy me an oven Mmm, Pigeon Pie. BM Be fair, Tomasz. The guy's Russian and you know what they do with BM carrier pigeons, don't you :-) Earlier, cultivating pigeons was popular in our country, but now only England (AFAIK) continues this tradition. (There even used steroids for them. Poor pigeons.) As a devout Pom (that's Aussie slang for Englishman), I resemble that remark. (Ooops. Sorry, I'm slipping into one of those weird English confusion of words). BTW Pigeon Fancying, as it is called, is usually practiced in the North of England or at one time in the east end of London. Now you mention a pigeon on steroids. I wouldn't like to meet one of those East End pigeons in a dark alley at night ;-) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] initial configure
Tomasz Kojm wrote: On Fri, 7 Jan 2005 01:08:23 +0300 (MSK) Arkady V.Belousov [EMAIL PROTECTED] wrote: Don't understand, why online access should/must be only one way to receive updates. We can send them to you every two weeks by a carrier pigeon. Be fair, Tomasz. The guy's Russian and you know what they do with carrier pigeons, don't you :-) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] [Clamav-virusdb] SPF records
Brian Morrison wrote: On Wed, 27 Oct 2004 15:22:00 +0100 (BST) in [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Well at least I know this SPF thing really works. For some value of works. Especially those defined by Spamassassin NOT ;-) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Old ClamAV workaround
Daniel J McDonald wrote: On Mon, 2004-10-25 at 08:00 -0400, Bart Silverstrim wrote: Well designed programs have a make uninstall option. So, you would go back to the orignial source, run make uninstall, then make install on the new source. except 'make uninstall' seems to be deprecated on perl modules like MIME-tools, and doesn't actually work. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems Compiling on Solaris X86 Box
James Lick wrote: Ken Jones wrote: All, I have been having problems compiling on a Solaris 8 X86 box since the release of 80rc series. Undefined first referenced symbol in file BZ2_bzRead scanners.lo BZ2_bzReadOpen scanners.lo BZ2_bzReadClose scanners.lo ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4 ClamAV 0.80 (and the rc versions) compiles fine for me on Solaris 10 B63 x86, so it is not a general Solaris x86 problem. I'm not sure if this is related, but on a RedHat box I had problems compiling .80 until I installed the bzip2-devel rpm. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Freshclam DNS Warnings
One of my servers is giving these warnings. What causes this and is it anything to worry about? freshclam daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686) ClamAV update process started at Tue Oct 19 14:39:06 2004 WARNING: DNS record is older than 3 hours. WARNING: Invalid DNS reply. main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek) WARNING: DNS record is older than 3 hours. WARNING: Invalid DNS reply. daily.cvd is up to date (version: 535, sigs: 1272, f-level: 3, builder: trog) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] libbz2 and libgmp not found on x86_64 with rc3
Thomas Cameron wrote: All - Please bear with me, I am not a programmer so this might be something silly I don't know about. Programmers do silly things as well :-) Try rc4. It's working for me on a dual Opteron. Cheers -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamav-0.80rc4 fails to build on x86_64
Thomas Cameron wrote: On Sun, 2004-10-17 at 02:12 -0500, Thomas Cameron wrote: Sorry should have mentioned - this is on a Fedora Core 2 box with all updates applied as of today. RC3 builds just fine on this box. It's an AMD64. uname -a gives: Linux strongbox.example.com 2.6.8-1.521 #1 Mon Aug 16 09:01:00 EDT 2004 x86_64 x86_64 x86_64 GNU/Linux Aha. I wasn't aware that FC2 could handle the AMD64. I'm running on FC3-test1 with only a few updates. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamv problem with 0.80rc2 and rc3
Bogusaw Brandys wrote: First check how is set TMPDIR and permissions to that directory , i think (but I maybe wrong ;-) TMPDIR is not set to anything. What controls that? I've never had any problems like this until today. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/)
[Clamav-users] make fails with 0.80rc2
Hi I've built clamav-0.80rc2 on FC1 FC2 and FC3, but when I tried it on a RH 7.2 machine the make fails as follows: gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -I./mspack -g -O2 -MT mbox.lo -MD -MP -MF .deps/mbox.Tpo -c mbox.c -fPIC -DPIC -o .libs/mbox.lo mbox.c: In function `getURL': mbox.c:2735: `CURLOPT_DNS_USE_GLOBAL_CACHE' undeclared (first use in this function) mbox.c:2735: (Each undeclared identifier is reported only once mbox.c:2735: for each function it appears in.) make[2]: *** [mbox.lo] Error 1 make[2]: Leaving directory `/usr/local/src/clamav-0.80rc2/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/clamav-0.80rc2' make: *** [all] Error 2 Actually, I'm surprised I got this far, but I live in hopes. BTW the reason this machine is RH 7.2 is for technical reasons. So I'm stuck with this old distro. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/)
Re: [Clamav-users] make fails with 0.80rc2
Trog wrote: Disable libcurl support: ./configure --without-libcurl Thanks. That did it. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/)
Re: [Clamav-users] 0.80rc build error
Just to say 0.80rc built and runs just fine on FC3-test1 and FC1 Sneaky change of name on clamav.conf, tho ;-) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd
Re: [Clamav-users] announcing ClamAV 0.80rc
Trog wrote: Also, your freshclam.conf will be missing DNSDatabaseInfo My freshclam.conf is indeed missing DNSDatabaseInfo, but I don't see anything replacing that. Is there supposed to be a freshclamd.conf ? -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd
Re: [Clamav-users] announcing ClamAV 0.80rc
Trog wrote: It's not a replacement, it's an addition to the existing freshclam.conf So why wasn't freshclam.conf renamed to force people to look at that too? -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd
Re: [Clamav-users] announcing ClamAV 0.80rc
Tomasz Papszun wrote: I'd like to add that changing the name from clamav.conf to clamd.conf was requested by users on the ML a few times. So, it's not our fault ;-). You are correct there. But it didn't appear in any devel versions until the 80rc came out. That's what took me by surprise. I'm all for the change. I just think it should have been pointed out more obviously. But then, I don't read everything :-) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd
Re: [Clamav-users] announcing ClamAV 0.80rc
Matt wrote: 1) Reading the README. Agreed. How about adding an incompatibility comment similar to this from the mimedefang Changelog ? WARNING: Before upgrading MIMEDefang, please search this file for *** NOTE INCOMPATIBILITY ** to see if anything has changed that will affect your filter. -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named Alfred E. Newman, you may read only the odd numbered words (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from Stupid Email Disclaimers (see http://www.goldmark.org/jeff/stupid-disclaimers/)
Re: [Clamav-users] Problem using HTTPProxy with Username and Password
Tomasz Kojm wrote: Please test the attached patch and let me know if it helps. Thanks very much. That solved the problem. Sorry for the delay in responding, but this is the land of the long weekend. 8-) Cheers Bill
[Clamav-users] Problem using HTTPProxy with Username and Password
Hi No one responded to my previous post (probably lost under the original thread), so I'll give it a new thread. Running freshclam from clamav-0.72 through an authenticated firewall no longer works (worked fine in 0.71). I can't see anything in the freshclam source that could have caused this, so maybe it's a reaction to some other change. freshclam daemon started (pid=29313) ClamAV update process started at Mon Jun 7 11:02:11 2004 ERROR: Malformed CVD header detected. ERROR: Can't read main.cvd header from database.clamav.net (1.90.1.244) I'm using the following in /usr/local/etc/freshclam.conf with real data replaced with s, u, p # Proxy settings HTTPProxyServer s HTTPProxyPort 3128 HTTPProxyUsername u HTTPProxyPassword p Another system with no authentication on the proxy, works fine with HTTPProxyUsername and HTTPProxyPassword commented out, but it also shows the above error if I uncomment those lines. Cheers Bill
Re: [Clamav-users] ClamAV 0.72 Released
Todd Lyons wrote: Similar to this: [EMAIL PROTECTED] root]# cat /etc/logrotate.d/clamav /var/log/clamav/clamav.log { create 644 clamav clamav weekly compress postrotate /bin/kill -HUP `cat /var/run/clamav/clamd.pid` 2/dev/null || true endscript } Thanks guys. I just couldn't remember how it was done. Cheers Bill
Re: [Clamav-users] ClamAV 0.72 Released
Brian May wrote: Since it was not posted here, ClamAV 0.72 is available for download. Major bugfixes in this release include crashes with corrupted BinHex messages and some Excel documents. Protection against archive bombs (not fully functional since 0.70) was improved and a number of other improvements were made. Running freshclam through a firewall no longer works (worked fine in 0.71) freshclam daemon started (pid=29313) ClamAV update process started at Mon Jun 7 11:02:11 2004 ERROR: Malformed CVD header detected. ERROR: Can't read main.cvd header from database.clamav.net (1.90.1.244) Did something change? I'm using the following in /usr/local/etc/freshclam.conf with real data replaced with s, u, p # Proxy settings HTTPProxyServer s HTTPProxyPort 3128 HTTPProxyUsername u HTTPProxyPassword p Cheers Bill
Re: [Clamav-users] ClamAV 0.72 Released
Brian May wrote: Since it was not posted here, ClamAV 0.72 is available for download. Major bugfixes in this release include crashes with corrupted BinHex messages and some Excel documents. Protection against archive bombs (not fully functional since 0.70) was improved and a number of other improvements were made. The ClamAV team (http://www.clamav.net/team.html) Another problem with freshclam in 0.72. It stops checking for updates after the overnight logrotate. The logfile is totally blank, but freshclam is still running. Cheers Bill
Re: [Clamav-users] ClamAV 0.72 Released
Scott Truman wrote: The permissions on the new log file are probably wrong... Scott Do you see anything wrong with these permissions? Note that the previous file gets gzipped, so it can't get written to afterwards. Also note that when I restarted freshclam (nothing else) the log got updated. -rw-r--r--1 clamav root 483 Jun 7 03:34 clam-update.log -rw-r--r--1 clamav root 285 Jun 5 11:32 clam-update.log.1.gz
Re: [Clamav-users] ClamAV 0.72 Released
Graham Toal wrote: Are you sure it's not still writing to the old file? If it was already open for write, and left open rather than opened/closed on every write, that's a definite possibility. Even if the file is rm'd, unix can still let a process write to an open file. The space isn't recovered until the file is closed. Yep that was it. So I need to stop freshclam and clamd before logrotate and start them after logrotate? What a bore!
Re: [Clamav-users] Problem with clamscan .vs. clamdscan
Jim Maul wrote: Because clamscan doesnt use clamav.conf!! S many people dont seem to realize this. Perhaps it should to avoid any confusion! Perhaps, but this is not my decision. /etc/clamav.conf - /etc/clamd.conf ? The whole purpose of clamscan is to be a command line config'ed scanner. Clamd is a file config'ed scanner. Where is the hardship in that? It's not rocket science. And it clearly states this in the documentation (if anybody reads it). If you want clamscan to run with specific settings each time, create a shell script to call it. Exactly. I never said clamscan should use clamav.conf. I simply stated that since clamd/clamdscan (and optionally freshclam as well) are the only programs to use clamav.conf, perhaps it would avoid some confusion if it were to be called clamd.conf. Jim The problem arises because we users are lazy and our lazy eyes can't differential between clamscan and clamdscan and clamd. The names are all too similar! Now freshclam is a reasonably different name and we don't get freshclam.conf confused with clamav.conf (even though they can be merged). My point is that if we could make the names of the processes more distinguishable and match the conf files (if any) then we remove the chance of error. For example clamscan could be renamed to scanclam (with NO scanclam.conf), clamdscan renamed as daemonclam (with daemonclam.conf) or something like that. Just my thoughts, but anyway the product is absolutely fantastic and streets ahead of the competition. Keep up the good work. Bill
[Clamav-users] Freshclam daemon dying
Hi I'm usinf clamav-0.68-1 and occasionally (once every two weeks) I get this response ClamAV update process started at Tue Mar 30 08:46:36 2004 SelfCheck: Database status OK. ERROR: Maximal time (1200 seconds) reached. Then the freshclam daemon died. Anyone else come acroos this sort of behaviour? Cheers Bill
[Clamav-users] Freshclam Bug
Hi I previously reported a bug in freshclam/manager.c at line 362. My fix was incorrect and the problem is also at line 460. Both lines 362 and 460 need to be changed from: char* buf = mmalloc(strlen(user)*2+4); to: char *buf = mmalloc((strlen(user) + strlen(pass)) * 2 + 3); This ensures that buf is large enough to contain the base64 expansion of user:pass, including the \0. Cheers Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam Bug
Tomasz I'm still coming to grips with C, but I was wondering why the CVS has: char *buf = mmalloc((strlen(user) + strlen(pass)) * 2 + 4); = in lines 362 and 460 of freshclam/manager.c I calculated that it should be + 3 based on 2 bytes for the : and 1 byte for the \0 I know it doesn't hurt if the buffer size is overstated, but I was just wondering if I'd missed something. Thanks Bill Tomasz Kojm wrote: Thank you, fixed in CVS. Best regards, Tomasz Kojm --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Trouble with ClamAV-0.66
OK removed everything in /usr/local/lib and reinstalled. Still segfaults. Here is /usr/local/lib contents. drwxr-xr-x2 root root 4096 Feb 13 08:19 . drwxr-xr-x 13 root root 4096 Aug 12 2003 .. -rw-r--r--1 root root 667906 Feb 13 08:19 libclamav.a -rwxr-xr-x1 root root 740 Feb 13 08:19 libclamav.la lrwxrwxrwx1 root root 18 Feb 13 08:19 libclamav.so - libclamav.so.1.0.3 lrwxrwxrwx1 root root 18 Feb 13 08:19 libclamav.so.1 - libclamav.so.1.0.3 -rwxr-xr-x1 root root 356830 Feb 13 08:19 libclamav.so.1.0.3 It's actually crashing on this instruction at the bottom of str.c buffer = malloc(j-i+1); where j=250 and i=79 The strange thing is that this is the second time it has gone through this routine with exactly the same input! Oh well, I'm learning something about C in the process. I'm getting another programmer to check it out. Also this machine had RedHat 9 installed as an upgrade from a partial RedHat 8, so something may be missing! Cheers Bill Tomasz Kojm wrote: It _shouldn't_ crash. I think for some reason it may be using an old libclamav version - please remove all *clamav* files from /usr/local/lib and reinstall 0.66. Best regards, Tomasz Kojm --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Trouble with ClamAV-0.66
More news. freshclam has segfaulted on one of my other machines. It seems to depend on which source of data is selected. At least one of the servers is sending the data undelimited (i.e. no \0 on the end) and so we get the data padded to 512 bytes with what looks like spaces. We still can't work out why it is failing, but it is. Cheers Bill Bill Maidment wrote: OK removed everything in /usr/local/lib and reinstalled. Still segfaults. Here is /usr/local/lib contents. drwxr-xr-x2 root root 4096 Feb 13 08:19 . drwxr-xr-x 13 root root 4096 Aug 12 2003 .. -rw-r--r--1 root root 667906 Feb 13 08:19 libclamav.a -rwxr-xr-x1 root root 740 Feb 13 08:19 libclamav.la lrwxrwxrwx1 root root 18 Feb 13 08:19 libclamav.so - libclamav.so.1.0.3 lrwxrwxrwx1 root root 18 Feb 13 08:19 libclamav.so.1 - libclamav.so.1.0.3 -rwxr-xr-x1 root root 356830 Feb 13 08:19 libclamav.so.1.0.3 It's actually crashing on this instruction at the bottom of str.c buffer = malloc(j-i+1); where j=250 and i=79 The strange thing is that this is the second time it has gone through this routine with exactly the same input! Oh well, I'm learning something about C in the process. I'm getting another programmer to check it out. Also this machine had RedHat 9 installed as an upgrade from a partial RedHat 8, so something may be missing! Cheers Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Trouble with ClamAV-0.66
Found the problem. We are using HTTPProxy parameters and the user was being corrupted. In freshclam/manager.c line 362 changed char* buf = mmalloc(strlen(user)*2+4); to char* buf = mmalloc(strlen(user)*2+5); to allow for the \0 to be added. Cheers Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Trouble with ClamAV-0.66
Ok, here's more info. freshclam is segfaulting. This is on a Celeron 1200 running RedHat 9. I have it working fine on an Athlon 600 RedHat 9 and on a Pentium III 1200 RedHat 7.2 Here's what I get when I run it non-daemon: ClamAV update process started at Thu Feb 12 10:07:53 2004 Connecting via squid Reading CVD header (main.cvd): Segmentation fault As I said before, the 0.65 freshclam works OK. Cheers Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Trouble with ClamAV-0.66
More news. I have tracked down the segfault to libclamav/str.c cli_strtok which is running off the end when called from cl_cvdparse looking for the digital signature. I am not a C programmer, but it looks like one or more of the servers has a malformed main.cvd which is breaking the 513 bytes allocated. Cheers Bill Bill Maidment wrote: Ok, here's more info. freshclam is segfaulting. This is on a Celeron 1200 running RedHat 9. I have it working fine on an Athlon 600 RedHat 9 and on a Pentium III 1200 RedHat 7.2 Here's what I get when I run it non-daemon: ClamAV update process started at Thu Feb 12 10:07:53 2004 Connecting via squid Reading CVD header (main.cvd): Segmentation fault As I said before, the 0.65 freshclam works OK. Cheers Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users