Re: [Clamav-users] Version 0.96.1 and gcc
On Mon, 2010-07-05 at 11:55 +0300, Török Edwin wrote: On Mon, 05 Jul 2010 10:17:59 +0200 claude angéloz claude.ange...@bluewin.ch wrote: Hallo, I must upgrade the clamav installed into an old system RH WS3. But this upgrade requieres a gcc-4.1 or 4.3 (because on this system all applications are install as source tarball) I'd suggest you to try 0.96.1. The oldest I ever tested ClamAV with is gcc 3.4.x, I don't know if 3.2.x would work or not. Try to build it, run 'make check' and if everything passes it should work. I have successfully compiled 0.96.1 with gcc-3.3.6 (with JIT disabled). -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Clamav and MRTG
On Sun, 2009-01-04 at 21:44 -0500, Jim Carhart wrote: mailgraph (http://mailgraph.schweikert.ch/) is the rrdtool mail log plotter for me, then again ... I'm pretty simple in my needs. Works with clamd if you syslog as noted earlier in the thread. Alas, mailgraph has trouble with the calendar year of the logfile if it spans a year change. I'm sure I (we/anybody) could tweak the code if we so wished and solve that if the day/week the log file changes year. Sad that mailgraph is kinda dead development-wise. Does clamd need/want rrdtool plotting tools? Interesting idea me thinks. Actually intellegently plot the behaviour unique to clam ... just a thought. Just a 0.02 cents. Steve wrote: On Sun, 4 Jan 2009 17:33:06 -0500 Sorry Andrew, but MRTG really does do more than just monitor routers. I was searching for the same solution as Tarak as I just managed to get Spamassasin to graph. Spamassasin attaches via a socket or a local tcp connection. Indeed. One example shows it monitoring tide heights, and I've used it for monitoring exchange rates, spam rates, etc, etc. The interface is well defined, so code away... it need not just be oids you're monitoring. rrdtool is more flexible, as you can display 2 data feeds/graph, and there are plenty of tools ( cacti, munin for example ) built on top of that. Tobi should be knighted IMO. Steve We use mailgraph, too, and create daily/weekly/monthly plots of mail traffic including incoming mail rate, rejected mail, virus infected, and spam. I didn't realize it was at a dead end. Been using it for quite awhile with no problems. Since we use amavisd, we have the tool parse out the relevant amavisd log entries for the stuff we want to graph. -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 94.2 build fails
On Thu, 2008-11-27 at 10:47 -0600, Chris wrote: I'm trying to build the rpm's for my Mandrake 10.1 box. Below is the failure: Patch #0 (clamav-mdv_conf.diff): + patch -p1 -b --suffix .mdvconf -s 1 out of 11 hunks FAILED -- saving rejects to file etc/clamd.conf.rej error: Bad exit status from /home/chris/rpm/tmp/rpm-tmp.98383 (%prep) This is caused by a change in the clamav.conf source file such that the Mandriva specific patch failed to apply. I'll send you an updated patch via email, since it's probably not of general interest to the list. -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] building 0.94.1
On Wed, 2008-11-05 at 13:43 +0100, aCaB wrote: Bill Randle wrote: My workaround was to add the following to the spec file: # hack to prevent libtoolize from being called. Since we don't patch # the configure.in file, there's no need to re-configure. mv configure.in configure.in.nu Hi all, Just a FYI, you can call libtoolize (or autoreconf) just don't use the --force option. Good reminder for package scripts that call libtoolize directly. In this case, it's inside a vendor system macro file that I didn't want to edit as you never know when it might get modified on an upgrade. -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] building 0.94.1
On Tue, 2008-11-04 at 15:18 -0600, Chris wrote: On Tuesday 04 November 2008 3:09 pm, Nathan Brink wrote: Chris wrote: Is there a different version of libtool required to build 94.1 than there was to build .94? I had this problem too. However, I think I only had it when I ran libtoolize and/or ran autoreconf. I think that ClamAV people are assuming you won't run libtoolize and autoreconf when building clamav. See my bug #1251 at:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1251 . On my machine, if I remove the files m4/{lt*,libtool}.m4 before running libtoolize and autoreconf, compiling works fine. I hope that works for you too. I may have been a bit unclear, I'm trying to build Mandrake 10.1 rpms. Just had back surgery yesterday so probably too many pain meds. The problem relates to bug# 1251 as previously mentioned. In the Mandriva rpm spec file, the macro % configure2_5xis used, which among other things does this: cputoolize -c . cd . '[' -f configure.in -o -f configure.ac ']' libtoolize --copy --force which means libtoolize is always called since there's a configure.in file in the top level clamav directory. I do not know why this was not a problem before but probably has to do with pulling in the newer macros as mentioned in the bug report. (I'm using libtool-1.5.18.) My workaround was to add the following to the spec file: # hack to prevent libtoolize from being called. Since we don't patch # the configure.in file, there's no need to re-configure. mv configure.in configure.in.nu -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] failed updates
On Fri, 2008-09-05 at 19:47 -0500, Chris wrote: I've been seeing this quite a lot since I upgraded to .94 yesterday. The entire log snip can be seen here: http://pastebin.com/m2e56e3bf but it starts out like this and continues. Fri Sep 5 17:25:11 2008 - Retrieving http://db.us.clamav.net/daily-8169.cdiff Fri Sep 5 17:25:11 2008 - Ignoring mirror 168.143.19.95 (due to previous errors) Fri Sep 5 17:25:11 2008 - Ignoring mirror 207.57.106.31 (due to previous errors) Fri Sep 5 17:25:11 2008 - Trying host db.us.clamav.net (209.170.150.7)... Fri Sep 5 17:25:41 2008 - nonblock_connect: connect timing out (30 secs) Fri Sep 5 17:25:41 2008 - Can't connect to port 80 of host db.us.clamav.net (IP: 209.170.150.7) The next time freshclam is run there are no issues, then it may update a couple more times then fail again. Anyone have any ideas on this? Looks like a mirror problem. I get the same messages with 209.170.150.7, 207.57.106.31 and 168.143.19.95 but the server at 138.123.96.134 works ok. It just takes it a few attempts until that IP comes up on the round robin DNS for db.us.clamav.net. I see 64.246.134.219 is also working. -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Missing Freshclam after upgrade to clamav-0.90.3-1.fc7
On Sun, 2007-09-16 at 20:42 -0400, Daniel Staal wrote: --As of September 17, 2007 10:22:35 AM +1000, Graeme Nichols is alleged to have said: 1. The package I used to upgrade clamav was built by Redhat/Fedora for F7 so surely should be able to be trusted for use on a Fedora 7 system. Sure, packages from other package builders could have been built on any distro or release and *could* introduce problems. 2. Why has there been a change in the packaging of clamav? Freshclam is essential to the operation of clamav and *should* be in the same package as clamav. As for the second: That is up to the package maintainer, who may or may not be on this list. The clamav team _does_ include freshclam with clamav, in their source tarballs. If it is not included in this package, it is because the creator of this package has intentionally removed it. With F7, the maintainers seem to have split clamav into even more packages. The base clamav package contains clamscan, clamdscan, sigtool and some other stuff. Clamd is in the clamav-server package and freshclam is in the clamav-update package. This was gleaned from inspection of the clamav packages in F7 updates dated 06-Sep-2007. I'm not sure why they did this, but I guess it helps reduce the number of programs required for a minimal install. Still, to update a server running clamd, you would need to update clamav, clamav-data or clamav-data-empty, clamav-filesystem, clamav-lib, clamav-server, and clamav-update. Of course, if you're using the milter, then you also need clamav-milter. -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Missing Freshclam after upgrade to clamav-0.90.3-1.fc7
On Mon, 2007-09-17 at 12:42 +1000, Graeme Nichols wrote: Hello Bill, On 17/09/2007, Bill Randle [EMAIL PROTECTED] wrote: On Sun, 2007-09-16 at 20:42 -0400, Daniel Staal wrote: --As of September 17, 2007 10:22:35 AM +1000, Graeme Nichols is alleged to have said: 1. The package I used to upgrade clamav was built by Redhat/Fedora for F7 so surely should be able to be trusted for use on a Fedora 7 system. Sure, packages from other package builders could have been built on any distro or release and *could* introduce problems. 2. Why has there been a change in the packaging of clamav? Freshclam is essential to the operation of clamav and *should* be in the same package as clamav. As for the second: That is up to the package maintainer, who may or may not be on this list. The clamav team _does_ include freshclam with clamav, in their source tarballs. If it is not included in this package, it is because the creator of this package has intentionally removed it. With F7, the maintainers seem to have split clamav into even more packages. The base clamav package contains clamscan, clamdscan, sigtool and some other stuff. Clamd is in the clamav-server package and freshclam is in the clamav-update package. This was gleaned from inspection of the clamav packages in F7 updates dated 06-Sep-2007. There seems to me to be quite a mess with clamav and F7. My previous install (an update of previous installs) was clamav-0.90.2-27.fc6.at.i386.rpm and it contained the whole kaboodle. After upgrading to F7 clamav no longer worked. I then did a 'yum update clamav' which resulted in the half baked install of clamav-0.90.3-1.fc7. Some dependencies were installed but none associated with clamav directly or clamav-update or clamav-server or any other clamav related package. The clamav program is totally useless without the ability to update the virus sig. file. Seems like a cock-up to me :-( ** Seems like at a minimum, the dependencies in yum are severely broken. I would manually download the clamav packages in F7 updates (currently at 0.91.2-2.fc7) and install them by hand (rpm -Uhv clamav*). -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Stats script quit reporting correct number of sigs
On Sat, 2007-05-26 at 17:07 -0500, Chris wrote: The rest of the line is on 1 May. I run a perl script nightly that reports several things including the total number of signatures. On 30 April it reported there were: Total viruses detected 9,998 Total Database Signatures 113,729 On 1 May however it reported: Total viruses detected 10,021 Total Database Signatures 9,364 Chris, Change line 76 of the clamstats.pl file to: if (/main\.(?:cvd|inc).+\(version:\s(\d+),\ssigs:\s(\d+),/) { The problem is it was looking for main.cvd only, but now there's a main.inc as the base file. After making the change I get 119,064 total sigs as of today. -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Creation of binary .rpm package.
On Tue, 2007-02-20 at 13:44 +1100, Graeme Nichols wrote: Bill Randle wrote: On Tue, 2007-02-20 at 12:58 +1100, Graeme Nichols wrote: Hello, I tried to create a binary .rpm package from the clamav-0.90.tar.gz tarball using the command 'rpmbuild -tb clamav-0.90.tar.gz' which failed with the following errors: Is there a .spec file available for this tarball to enable me to build a .rpm binary under FC6 as there is no .rpm binary on the clamav repositories (no '6' directory at all) If not, is there any other way to build an .rpm binary package? Installing manually is not an option. Creates too many problems at a later date or when upgrading the distribution. Have you considered downloading an SRPM file for an earlier distro (FC5, FC4) and build using that spec file? Chances are, it will work unchanged on FC6. Hi Bill, nope, I hadn't thought of that but wouldn't I need a .src.rpm for the 0.90 release? Do you know how to get the spec file out of the older .src.rpm package for, say, FC5, and use it on the latest release tarball? I know enough in this area to get by but no more. The FC5 repository for clamav-0.90 includes an SRPM and in addition, he also keeps a copy of the spec file there: http://crash.fce.vutbr.cz/crash-hat/5/clamav/ Since there may be some RH/FC specific init files, etc., I'd start with the SRPM file (clamav-0.90-1.src.rpm). Install this, then use the spec file to build for FC6 (rpmbuild -bb clamav.spec). -Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Mandrake....
On Mon, February 12, 2007 4:29 pm, Daniel J McDonald wrote: On Mon, 2007-02-12 at 15:41 -0300, Michael Fernández M. wrote: Hi... Is there a way to upgrade Clamav from 0.88.4 to 0.88.7 by binary in a mandrake 9.1? I have found in rpmfind, rpmseek, but i do not found any package for Mdk 9.1. You will need to find a 9.1 system that has a proper build environment, and then rebuild the source-rpm. But the current Mandriva srpms are designed only for 10.2 and later, due to the macros that have been added. Actually, I think they are probably buildable on 9.1 with little or no changes to the spec file. I used to build 9.2 rpms until that particular server was retired. Mandriva still maintains a 10.0-like OS, called Mandriva Corporate Server 3, and clamav-0.88-7.0.1 is available for that platform. There are also rpms for 10.1 available on my ftp site here: ftp://ftp.neocat.org/pub/RPMS/10.1/i586 You could try them and see if they'll install and run on 9.1. You may have dependency problems, though, as they will probably expect newer versions of some packages. Your best bet it to download the current Mandriva SRPM and try building new binaries. -Bill P.S. There is a 9.2 directory, too, but the latest clamav build is 0.88.5 - not much newer than what you have. -- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Complexity limit on (custom) signatures?
On Sat, 2006-10-28 at 16:54 -0400, Kris Deugau wrote: Henrik Krohns wrote: I don't get it.. unless you have some big honeypot, maybe 5% of traffic contain small images to be OCRd. If your server can't handle that, I guess it's running out of juice anyway. :) Well... yeah. g The basic problem is that all the other garbage (with the occasional inevitable exception) is getting caught by Clam (viruses and most phishes) or SpamAssassin (all but a few text-based spams. I've found *enough* similarities in the raw binary image data to usefully make signatures for a lot of what is otherwise getting through; at the moment this is just a stopgap until these machines can be retired. However, in the long run, OCR to feed the text to SpamAssassin's other rules is a better solution; it's much more flexible. Indeed. For those interested in the topic of OCR to feed SpamAssassin, there's an active project with its own mailing list that does just this. It turns out to be a non-trivial task because many of these image spam are animated gifs, so you need to find the right frame to pass to the OCR program. Start here: http://wiki.apache.org/spamassassin/FuzzyOcrPlugin then subscribe to the Devel-Spam mailing list (there's a link on that page). -Bill ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Complexity limit on (custom) signatures?
On Sat, 2006-10-28 at 16:21 -0700, Dennis Peterson wrote: Bill Randle wrote: On Sat, 2006-10-28 at 16:54 -0400, Kris Deugau wrote: However, in the long run, OCR to feed the text to SpamAssassin's other rules is a better solution; it's much more flexible. Indeed. For those interested in the topic of OCR to feed SpamAssassin, there's an active project with its own mailing list that does just this. It turns out to be a non-trivial task because many of these image spam are animated gifs, so you need to find the right frame to pass to the OCR program. Start here: http://wiki.apache.org/spamassassin/FuzzyOcrPlugin then subscribe to the Devel-Spam mailing list (there's a link on that page). You might want to consider the next level of image spam before you go too far down the OCR path: http://www.iss.net/threats/Animated%20GIF.html Actually, the FuzzyOCR plugin already handles animated gifs using various techniques to extract the hidden text. It also is able to decode png and jpeg files. -Bill ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Compiling 0.81 under Mandrake 10.0
On Wed, 2005-02-02 at 11:35 -0500, Jeff Lanzarotta wrote: Hello, I'm trying to compile 0.81 on Mandrake Linux 10.0. When I do a .configure I get the following warning: 8--- checking for __gmpz_init in -lgmp... no checking for mpz_init in -lgmp... no configure: WARNING: ** GNU MP 2 or newer NOT FOUND - digital signature support will be disabled ! 8--- When I do a 'rpm -qa | grep gmp', I get: libgmp3-4.1.2-4mdk Any idea on how to correct this warning? Regards Jeff, Install the -devel RPM for gmp (libgmp3-devel-4.1.2-4mdk). -Bill -- Bill Randle [EMAIL PROTECTED] Neo Software, Inc. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Why use amavis over simscan?
On Sun, 2004-12-26 at 19:11 +, [EMAIL PROTECTED] wrote: I'm setting up some email gateways for small businesses and was wondering what program the people on this list would use to combine clam and spamassassin for an email gateway. It depends somewhat on the MTA you plan to use (which you didn't mention). Simscan is designed for qmail; amavis works with postfix, sendmail, and presumably others. I've configured several email gateways and use postfix/amavisd-new/clamav/spamassassin. I'm very happy with the control amavisd-new gives you over message disposition (discard, quarantine, bounce, pass). -- Bill Randle [EMAIL PROTECTED] Neo Software, Inc. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Why use amavis over simscan?
On Sun, 2004-12-26 at 21:24 +0100, Ralf Hildebrandt wrote: * [EMAIL PROTECTED] [EMAIL PROTECTED]: I'm setting up some email gateways for small businesses and was wondering what program the people on this list would use to combine clam and spamassassin for an email gateway. What is simscan? I just looked it up: http://www.inter7.com/?page=simscan It's a filter program for qmail similar to amavisd[-new] or mimedefang. -- Bill Randle [EMAIL PROTECTED] Neo Software, Inc. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: Re[2]: [Clamav-users] Clamav on Postfix (Happy Holidays to all)
On Mon, 2004-12-27 at 08:40 +0600, Kev wrote: Then, you (may) need something to connect postfix and clam, I personally favour clamsmtpd as it is lightweight, reliable and fast, but some amavis variant (and others) may help too. Sounds to me like you want clamsmtpd though... (read clam docs where and how!). clamsmtpd is clamd-0.80-2.0.rh9.rf.i386.rpm ? or any other smtpd that i have to download, where can i find it ? form www.clamav.net ??? Didn't I already say RTFM? I aint wasting bits from my bucket on general principle. Look for clamsmtp in docs. rpm -ql -p clamd-0.80-2.0.rh9.rf.i386.rpm would show you that clamsmtpd aint in that package. Hi all, thanks for all the help you gave me, the prb was the clamav should be installed in this order clamav-db clamav clamd That's where you should let RPM figure out the correct order. Just list them all on the command line. E.g.: # rpm -ihv clam* does any one know where i can find the rpm for clamaSMTP ? It appears you may have to build it yourself from the source rpms. Start here: http://memberwebs.com/nielsen/software/clamsmtp/ -Bill -- Bill Randle [EMAIL PROTECTED] Neo Software, Inc. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav on Postfix (Happy Holidays to all)
On Fri, 2004-12-24 at 08:52, Kev wrote: Hi All, I have a RedHat 9 Box with Postfix, can any one tell me where can i download RPM installation for this, and with all the dependance. and a good documentation on how to. i tired the following url form the http://www.clamav.net http://dag.wieers.com/packages/clamav/ http://filelister.linux-kernel.at/?current=/packages/SRPMS/ but they all fail with dependance errors. i only need to scan and block attachments. plz advice, im new to clamav. For a Postfix installation, I generally install the clamav, clamd, and clamav-db RPMs and skip the -devel and -milter packages. That may help your dependency problems. If not, what is it complaining about? -Bill ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Independent Testing
Dave P wrote: I am trying to convince my company to switch to open source where possible. It is much easier if the software has been evaluated by an independent group. Unfortunately, reviews that I could find, including GMX Systematic and Heise magazines, were negative. The opinion seemed to be summed up by Andreas Marx's (of AV-Test.Org) comments to the 2004 Virus Bulletin Conference where he said that results of a particular test were not available for ClamAV, because a large number of files in our test set are still not detected. Are there any independent tests out there that do not paint such a bleak picture? Are there any plans to submit ClamAV or ClamWin to Virus Bulletin? Dave I can't speak for the maintainers, but I think there was some discussion of this on the mailing list awhile back. As I recall, part of the problem was the test set included a lot of obsolete or older Windows 95 type viruses, as well as macro viruses that weren't detected at that time. Since then, I know a lot of the older stuff, as well as macro virus definitions have been added. I think a better test is side-by-side comparisons with standard, commercial, products. If you search the archives, you will some comments from users. For my part, we have Clam installed on the front end mail filter box. We also have a site license still for Norton which runs on the Exchange server and desktops. Since installing ClamAV, we have not seen a single hit by Norton. -Bill ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] freshclam: crontab vs. daemon
On Tue, 2004-09-07 at 04:19, Matt wrote: Ralph Angenendt wrote: Niek wrote: On 9/7/2004 9:28 AM +0200, Ralph Angenendt wrote: Which would give the following behaviour how? | ClamAV update process started at Tue Sep 7 07:08:22 2004 | ClamAV update process started at Tue Sep 7 08:01:43 2004 | ClamAV update process started at Tue Sep 7 08:55:03 2004 something like the following in freshclam.conf: Checks 25 or 26 As you can see, I'm fully aware of that. How do you do that with crontab was the question longing for an answer. Ralph There was a crontab entry posted a while since, which made use of $[RANDOM] to alter the update time. Relevant section from the original email: As per discussions on this list on awhile ago; I use the following for my crontab entry: 0 * * * * sleep $[ $RANDOM % 1800 ] ; /usr/local/bin/freshclam --quiet this causes it to sleep for a random period of time not exceeding 30 min before executing. Rob Matt Slightly better, I think, is to add an offset to avoid hitting close to the hour. This is what I use: sleep $[ 900 + $RANDOM % 1800 ] which goes from 15 past to 15 to the hour. -Bill --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] LocalSocket Error in CLAMAV .75
On Wed, 2004-08-11 at 10:06, Silly Billy wrote: while executing this command to configure Clamav ... perl -pi -e s/^LocalSocket /tmp/clamd/LocalSocket /var/run/clamav/clamd/g /etc/clamav.conf Use a different expression separator. E.g.: perl -pi -e s:^LocalSocket /tmp/clamd:LocalSocket /var/run/clamav/clamd/g /etc/clamav.conf The '/' separator is being confused by the '/' in the directory path name. -Bill --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] LocalSocket Error in CLAMAV .75
On Wed, 2004-08-11 at 10:51, Damian Menscher wrote: On Wed, 11 Aug 2004, Silly Billy wrote: while executing this command to configure Clamav ... perl -pi -e s/^LocalSocket /tmp/clamd/LocalSocket /var/run/clamav/clamd/g /etc/clamav.conf an error appear as mentioned below ... [EMAIL PROTECTED] test]# perl -pi -e s/^LocalSocket /tmp/clamd/LocalSocket /var/run/c lamav/clamd/g /etc/clamav.conf Bareword found where operator expected at -e line 1, near s/^LocalSocket /tmp/c lamd syntax error at -e line 1, near s/^LocalSocket /tmp/clamd Execution of -e aborted due to compilation errors Could anyone help me to sort out this error ?? You're doing a search-and-replace. The way that works is it takes the first character after the / and uses it as the delimiter for what to search for vs what to replace it with. Since you have lots of /es in your pathnames, you're totally confusing it. Try the command: perl -pi -e s!^LocalSocket /tmp/clamd!LocalSocket /var/run/clamav/clamd! /etc/clamav.conf Here I'm just using ! instead of / as the delimiter. As a side note, when trying to be completely general, I often use ^G as my delimiter. Never seen a config file with one of those! ;) Using a ! as a delimiter can cause problems unless your expression is enclosed in single quotes. Keep in mind the shell will try and interpret stuff inside double quotes. For instance, if I try the above (at least with csh) I get: LocalSocket: Event not found. Best to always use single quotes unless you are doing variable substitution. This applies to sed, as well. -Bill --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Upgrading
Todd Lyons wrote: Bill Randle wanted us to know: On Tue, 2004-07-13 at 17:41, A.R.S. KA9QLQ Alvin Koffman wrote: I'm using clam 0.54-7mdk and was wondering should I upgrade and if so what's the easyest way? I'm using Mandrake 9.1 2. You can either rebuild from the SRPM in Mandrake cooker, or you can grab my RPMS for 9.2, which should work fine on your 9.1 system. [ftp://ftp.neocat.org/pub/RPMS/i586/] Check the version of perl. I know that 9.2 had perl 5.8.0, but better check 9.1 to make sure the rpm is going to put the *.pm files in the correct locations. Good point, Todd. 9.1 used perl 5.601, while 9.2 uses 5.8.1. However, I'm not aware of any Perl files/modules used by clamav. Am I missing something? If this were SpamAssassin we were talking about, I would agree. -Bill --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Upgrading
On Tue, 2004-07-13 at 17:41, A.R.S. KA9QLQ Alvin Koffman wrote: I'm using clam 0.54-7mdk and was wondering should I upgrade and if so what's the easyest way? I'm using Mandrake 9.1 Thanks Alvin P.S. Has anyone got it to work with Thunderbird email? 1. Absolutely. There have been many improvements between 0.54 and 0.74 (current stable version). 2. You can either rebuild from the SRPM in Mandrake cooker, or you can grab my RPMS for 9.2, which should work fine on your 9.1 system. [ftp://ftp.neocat.org/pub/RPMS/i586/] 3. Can't answer the question about Thunderbird. -Bill --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] How to disinfect an mbox file?
On Thu, 2004-06-17 at 19:16, Michael D. Crawford wrote: I think the virus that's assaulting me is what this page calls the PE_ZAFI.B virus: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ZAFI.BVSect=T The clamav database lists a virus called Worm.Zafi.B. I'm still working on downloading my mailbox. I copied it to my home directory at my hosting service, then truncated my mail spool file so I wouldn't fill up the filesystem. My spool file had grown to 1.2 gigabytes in three days. After I truncated my spool file, I was able to open it in elm for a little while before elm was unable to keep up and quit. In the space of five minutes or so I received 417 messages. Elm crapped out when the spool file had about 2000 messages in it. As an interesting aside, the Zafi worm also ignores DNS MX records and goes straight for final destination if it can. We have a postfix/amavisd/clamav/spamassassin filter box that fronts the main server which contains user mailboxes. The main server kept getting all these Zafi infected mails coming in, and it took me a bit to realize they were bypassing the filter box entirely. I ended up putting an access rule in the main gateway router to block incoming smtp to everything except the filter box and that's stopped it. -Bill --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] How to disinfect an mbox file?
Bert Koelewijn wrote: B. van Ouwerkerk wrote: This is a good reason to use maildirs. Jim Oh, come on! This is just shortcoming of ClamAV. Why have a --mbox option if you can't identify the infected email?! RAV did this better. Bert So? Last time I checked RAV wasn't exactly free. If it's not done in CVS yet then I suppose it might get done at some point. This is open source so I bet you're free to submit code which does exactly what you describe. At the very least you could alter the code to fix it for your own use. Compared to commercial products Clamav looks pretty good to me. FWIW, I would go for a solution with procmail :-) B. You can't check anymore, because RAV is now Microsoft... That's how I found ClamAV and I agree, it's pretty, compared to the commercial products. Gegroet, Bert Not only can you not buy it anymore, it's really no better than ClamAV at detecting viruses. We have used RAV for several years and it is still running (until it expires next month) as a cross check after Clam. So far in a couple of months of monitoring, there was only one virus that RAV detected that Clam didn't. That was an old W97 macro virus when we had an older version of Clam. Current versions of ClamAV would probably catch it. -Bill --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] postfix - amavis - clamav problem!
On Mon, 2004-05-31 at 08:37, Guercio wrote: Hi, i've a small mail server that use postfix to deliver mail in my net. i want to use clamav to stop all virus that come from internet the server is a redhat 7.3 and i've installed postfix, amavisd (snapshot-20020300) and clamav 0.71. i add this line to amavisd.conf: # Clam Antivirus $clamscan = /usr/local/bin/clamscan; $clamd = /usr/local/sbin/clamd; and this to main.cf: # AMaViS configuration content_filter = vscan: but when i start the MTA the mail doesn't arrive to user. how can i resolve this problem? The first thing to do is look at the mail log files and see what was logged. Generally, this will point you in the right direction. Did you start the clamd program (/etc/init.d/clamd start)? Did you edit the /etc/clamav.conf or /etc/clamd.conf file? Did you install clamav from an RPM package or source file? There was not near enough information in your post to solve your problem. -Bill --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamd message Can't create temporary directory
On Mon, 2004-05-31 at 11:36, Clive Dove wrote: [cut] BTW, the rpm packages have created files /etc/clamd.conf and /etc/clamav.conf, both of which look alike as to contents. Is clamdscan using one and clamscan using the other, or is one of them not needed? Clamscan is hardcoded to use /etc/clamav.conf. In the Mandrake RPMs, /etc/clamd.conf is used for clamd (when started from its init script). This allows you to have different options for the daemon and the command line scanner, should you choose to do so. The installed versions of both files are the same. -Bill --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav and amavisd-new woe
On Wed, 2004-05-05 at 06:55, Lionel Bouton wrote: Hi, I just discovered something odd with our amavisd-new / clamav installation : note: our amavisd-new is dated from 2002/12/27. The problem might have been solved since then. It has. When this version receives an encrypted zip files with $bypass_decode_parts = 0; (the default value in the conf file) it doesn't pass it to the av_scanners after failing to uncompress it. I had to change $bypass_decode_parts to make the whole system detect encrypted archives... Imagine my surprise when I received Worm.Bagle.Gen-zippwd myself ! amavisd-new users may want to check their setup... There was a patch posted to this mailing list (check the archives, or maybe someone else will repost it) that allows sending the entire message with all headers to clamd, in addition to the individual parts. The patch, or a newer version of amavisd-new, is required to catch the password protected zip files. -Bill --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav and postfix
Faustino Benitez wrote: Hi: I have a question about the setup of clamav and postfix: Use two instances of postfix is the only way to integrate clamav with postfix? Thanks. fausto Typically, clamav/clamd is integrated into Postfix with another tool such as amavisd[-new] or mailscanner. Both are popular and you can also include SpamAssassin in the mix to filter out spam at the same time. -Bill --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav and microsoft exchange.
Yes, it can. For instance, if you use Postfix you can add your domains and exchange servers in the transport file. Edit the Postfix transport file. Add something similar to: .domainAsmtp:[serverA] .domainBsmtp:[serverB] See the examples in the sample transport file for details. Then run 'postmap transport'. In main.cf, uncomment or add a line that says transport_maps = hash:/etc/postfix/transport Finally, run 'postfix reload' and you should be set to go (or at least close). -Bill On Mon, 2004-04-19 at 22:51, Bora wrote: Hi, can the gateway be used to filter multiple domains for different Exchange server? If so, where can I find the documentation? TIA. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Corey Kaiser Sent: Monday, April 19, 2004 1:41 PM To: '[EMAIL PROTECTED]' Subject: RE: [Clamav-users] Clamav and microsoft exchange. Better yet, use amavisd-new+clamav+spamassassin+razor and postfix. Look here: http://www.networkborder.com/technicaldocuments/postfix/avaspostfixgateway_1 _0_0.php and also here if you want to really intergrate the two: http://www.unixwiz.net/techtips/postfix-exchange-users.html -crk -Original Message- From: Peter Bonivart [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 9:07 AM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Clamav and microsoft exchange. Wiltshire, Michael wrote: I'm supposed to set up clamav to scan mail going to our Microsoft Exchange 5.5 . From the documentation I've seen I don't see how that can be done. Can someone help me out on how to do this, or point me in the direction where I can find information on the topic? Put a box in front of it running MailScanner. You can let it filter virus and spam for free before sending it to Exchange. It's very flexible and powerful but still easy to install. Great support on their list too. http://www.mailscanner.info -- /Peter Bonivart --Unix lovers do it in the Sun Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7, SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70RC + GMP 4.1.2, Vispan 1.3 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Eicar test
On Wed, 2004-04-14 at 04:15, Mike van Vugt wrote: Hi, Downloaded the test but my provider does not allow me to send that file... I get back a mail telling me the virus is removed and that i am not allowd to send virusses ;-))) That's a good thing that your provider is providing virus scanning. You may want to ask them what they use for virus scanning. If they run clamav, then you don't need to bother running it on your home system unless you're operating your own mail server. It's good that you got clamd running, but in your situation I'm not sure what value it is. Clamd in and of itself will not scan and delete infected email. You need to have another program that feeds messages to clamd, then checks the status and either passes the mail on for delivery or deletes it. This is most often used on mail server machines. In the case where you collect your mail via POP or IMAP from an ISP with your mail client (e.g., evolution), you probably want to run the command line version of the scanner (clamscan) as a filter rule in evolution on your incoming mail. I think this has been discussed on the mailing list in the past, so check the archives for examples of how to configure evolution to do this. -Bill --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamd
Mike van Vugt wrote: Installed clamav, clamav-db and libclamav1. Tried to install and run clamd but got the next message # /usr/sbin/clamd LibClamAV Error: cli_cvdload(): Can't create temporary directory /root/tmp/163df1b13c4bdbca ERROR: Unable to create temporary directory. [EMAIL PROTECTED] clamav]# Anyone ??? Mike, Use the init script that's installed with the RPMs to start clamd (/etc/init.d/clamd). It sets the home directory and tmpdir prior to starting clamd. Typically, this will be /var/lib/clamav or /var/lib/amavis if running amavisd. Since you started it as root, it is trying to make the tmp directory under /root, but since by default clamd is running under user clamav, it doesn't have permission to create that directory. -Bill --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamd
Mike van Vugt wrote: [ ] Mike, Use the init script that's installed with the RPMs to start clamd (/etc/init.d/clamd). It sets the home directory and tmpdir prior to starting clamd. Typically, this will be /var/lib/clamav or /var/lib/amavis if running amavisd. Since you started it as root, it is trying to make the tmp directory under /root, but since by default clamd is running under user clamav, it doesn't have permission to create that directory. -Bill $ /usr/sbin/clamd ERROR: Problem with internal logger. Please check the permissions on the /var/log/clamav/clamd.log file $ ls -al total 16 drwxr-xr-x 2 clamav clamav 4096 Apr 13 16:36 ./ drwxr-xr-x 12 root root 4096 Apr 13 15:04 ../ -rw-r- 1 clamav clamav 231 Apr 13 16:37 clamd.log -rw-r- 1 clamav clamav 1664 Apr 13 19:27 freshclam.log Now, how to set the permissions ??? chmod 666 ? The RPMs should create the directories with the correct permissions, and what you have above looks right. Try doing what I suggested the first time and start clamd from the init script. As root: # /etc/init.d/clamd start -Bill --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Netsky P not being blocked, using 0.70-rc
On Sat, 2004-04-10 at 16:49, Jeff Ramsey wrote: On Apr 10, 2004, at 9:27 AM, Colin A. Bartlett wrote: Jeff Ramsey Sent: Friday, April 09, 2004 4:23 PM I have done some further testing, and I am blocking Somefool and Somefool.B, but I am not blocking variant P. FWIW, this same thing happened to me when I upgraded from Clam .60 to the latest version. Apparently I installed it in a different place so there were two version of my daily updates and it wasn't using the new one. Are you sure your virus signatures are being updated and include the SomeFool.P variant? Run sigtool --list | grep SomeFool to see if it's listed. cheers, Colin I ran the command above, and here are the results: Worm.Somefool Worm.Somefool.B Worm.Somefool.B.2 Worm.Somefool.D Worm.Somefool.E Worm.Somefool.F These ones are all working. How can I get freshclam to get the P variant file? Thanks, Jeff As has been implied earlier, double check your /etc/clamav.conf or /etc/clamd.conf and verify the DatabaseDirectory matches the DatabaseDirectory entry in /etc/freshclam.conf. Also, make sure that when freshclam is run, it is using the freshclam.conf file or explicitly sets the database directory via the command line to the place you think it should be. Here's what mine has in it for SomeFool: Worm.SomeFool.Gen-unp Worm.SomeFool.O Worm.SomeFool.P Worm.SomeFool.P-dll Worm.SomeFool.Q Worm.SomeFool.N Worm.SomeFool.R Worm.SomeFool.Q.2 Worm.SomeFool Worm.SomeFool.B Worm.SomeFool.B.2 Worm.SomeFool.D Worm.SomeFool.E Worm.SomeFool.F Worm.SomeFool.Gen-1 Worm.SomeFool.Gen-2 Worm.SomeFool.I Worm.SomeFool.K Worm.SomeFool.L Worm.SomeFool.M -Bill --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: amavisd-new not using clamd
On Mon, 2004-03-22 at 02:47, Wolfgang Cernohorsky wrote: Tom Munro Glass wrote: I have installed ClamAv and amavisd-new to work with Postfix. They are mostly working except that when I start amavisd I get the following message in maillog: Found secondary av scanner Clam Antivirus - clamscan at /usr/local/bin/clamscan When a message is sent to amavisd for scanning I get the following message: WARN: all primary virus scanners failed, considering backups I have checked that /usr/local/etc/clamav.conf and /usr/local/etc/amavisd.conf are both referring to the same socket file in /var/run/clamav/clamd. I am running both clamd and amavisd as user vscan so I don't understand why amavisd isn't using clamd. Maybe a silly question, but - you've uncommented the clamd section in amavisd.conf, and - clamd is running before amavisd starts? Another thing to check for it to make sure amavisd can find the socket file. You mention the socket file is in /var/run/clamav. I amavisd is running chroot, as it does by default on some systems, it is probably locked into /var/lib/amavis and can't see the socket file. If this is the case, change the path to the socket file to be /var/lib/amavis/clamd (or where ever the amavisd home is). There are other things you will need to change, such as the user clamd runs as (should be amavis) and some directory permissions. -Bill Randle [EMAIL PROTECTED] --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Postfix gateway to clamav
On Sun, 2004-02-22 at 02:39, Lasse B. Jensen wrote: On Sat, 21 Feb 2004, Jesper Juhl wrote: On Fri, 20 Feb 2004, Guillaume JULLIEN wrote: Hi, Trying to install clamav on a Debian, what gateway should I use : Amavisd-new, IVS-Milter, Mailscanner, Sagator or clamdmail ? Personally I'm using clamd + amavisd-new + postfix which works very well and processes ~3-4000 mails pr day. Im using exim + mailscanner + clamav + spamassassin avg 1 mail a day Postfix + amavisd-new + clamd + spamassassin, processing an average of 4 mails per day (vast majority rbl'd and rejected). ClamAV is detecting around 100 viruses per day in the messages that get past the rbls. Hardware is dual PII Xenon 400 with 256 MB RAM (could really use more). Load average runs between 0.5 - 2.5 most of the time. This box is configured as a front end to filter all incoming mail and forward to another box for delivery to user mail boxes. Mandrake Linux 9.2. -Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Latest tarball make question
On Fri, 2004-02-20 at 01:40, Trog wrote: On Fri, 2004-02-20 at 07:25, Jaap Scholten wrote: Hi When I un-tar the latest clam-devel-x, I copy the new files over the existing directory structure (running RedHat 8.0, Clamav 0.67-1). Why? Just do: tar xvfz clam-devel-x cd clam-devel-x ./configure no need to be copying files around. True, but that won't solve the underlying problem that he doesn't have automake-1.6 installed. Many older systems don't have automake-1.6 or autoconf-2.5+. The solution is to either install the updated tools (automake, autoconf) or do diffs from the snapshot to the 0.67-1 base and just apply the patches to your 0.67-1 base. -Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] freshclam update rate
I searched the archives, but didn't see an answer so pardon me if it's a FAQ. How often is it reasonable to call freshclam (either from cron or in daemon mode) to check for new virusdb updates? Obviously there's a tradeoff between detecting fast spreading viruses like MyDoom and overloading the db servers. Is once an hour too often? Once every 3-4 hours? -Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update rate
On Mon, 2004-02-16 at 15:11, Luke Scharf wrote: On Mon, 2004-02-16 at 16:35, Lionel Bouton wrote: Once an hour is fine, but if you use crontab please add a once randomly chosen sleep between 0 and 3599 second before launching freshclam. As lots of people using crontab put something like 0 * * * * ... The database mirrors have huge peaks of bandwidth usage each hour (and what's not good for the mirrors isn't good for the virus db availability). Something like : # echo $[ $RANDOM % 3600 ] 0 * * * * sleep value_given_above; freshclam --quiet Why didn't I think of that?!? :-) To add more randomness, I did it like so (on a Linux box where bash is always available): SHELL=/bin/bash 0 * * * * sleep $[ $RANDOM % 3600 ] ; /usr/bin/freshclam --quiet This does seem more polite than hitting it hard, right on the hour. Excellent ideas! I will implement Luke's version. -Bill --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users