Re: [clamav-users] Error Message from clamd

2023-04-01 Thread Doug Hardie
As far as I can tell, permissions are good.  However, I have learned a bit more 
from running ktrace on clamd.  Right after it gets called by clamav-milter, it 
calls cli_get_filepath_from_filedesc.  That module has code for Linux, MacOS, 
and WIN.  There is no code for FreeBSD.  None of the 3 existing sections are 
viable on FreeBSD and so I believe it returns a CL_BREAK which causes the error 
to be reported.  However, it appears to be treated as a warning as clamd 
continues to read the email from milter and process it.  For some reason 
though, it always returns OK even when I send it the EICAR test.  

I can live with the warning message, but I need it to detect viruses.  How can 
I debug that?

-- Doug

> On Apr 1, 2023, at 03:01, newcomer01 via clamav-users wrote:
> 
> Is the path to your mails (maybe inbox only) correctly configured?
> Do your clamav and your maildir have the same permissions?
> 
> 
> From: Doug Hardie <mailto:bc...@lafn.org>
> To: Newcomer01 <mailto:newcome...@posteo.de>
> Sent: Saturday, April 01, 2023 at 10:17 AM +0200
> Subject: [clamav-users] Error Message from clamd
>> I have started receiving the following error message on every received email:
>> 
>> Unable to determine the filepath given the file descriptor
>> 
>> FreeBSD 13.1, Postfix, clamav-milter, clamd
>> clamav-1.0.1,1
>> 
>> As a result the test virus is not detected, but the email gets a 
>> X-Virus-Status: Clean header added.  I can't find any description of this 
>> error anywhere.  How can I figure out what the problem is?
>> 
>> -- Doug

___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
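
To split the problem described in this message (clamd reporting OK for the EICAR test when fed by clamav-milter), the following added example, which is not code from the post or from the ClamAV project, submits the EICAR string to clamd directly over its INSTREAM command and checks the verdict. The socket address is passed by the caller and the sample replies in the comments are constructed.

```python
import socket
import struct
import sys

# Standard EICAR test string, assembled from two pieces so that this
# source file is not itself flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def instream_frames(payload, chunk_size=8192):
    """Build the bytes for clamd's INSTREAM command: the null-terminated
    command, then chunks prefixed by a 4-byte big-endian length, then a
    zero-length chunk that ends the stream."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(payload), chunk_size):
        chunk = payload[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(raw):
    """Map a clamd reply to (verdict, detail); verdict is FOUND, OK or ERROR.
    Constructed sample replies: b"stream: OK\\0", b"stream: <name> FOUND\\0"."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, rest = text.partition(": ")
    if rest.endswith(" FOUND"):
        return "FOUND", rest[:-len(" FOUND")]
    if rest == "OK":
        return "OK", ""
    return "ERROR", rest or text


def scan_with_clamd(payload, address, timeout=10.0):
    """Send payload to clamd. address is a unix socket path (str) or a
    (host, port) tuple, whichever clamd.conf configures."""
    family = socket.AF_UNIX if isinstance(address, str) else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(address)
        s.sendall(instream_frames(payload))
        buf = b""
        while not buf.endswith(b"\0"):
            data = s.recv(4096)
            if not data:
                break
            buf += data
    return parse_reply(buf)


def selftest(address):
    """True only if clamd flags EICAR and also clears benign data, so a
    daemon that answers OK (or FOUND) to everything fails the check."""
    return (scan_with_clamd(EICAR, address)[0] == "FOUND"
            and scan_with_clamd(b"benign test data", address)[0] == "OK")


if __name__ == "__main__":
    # Usage: python3 thisfile.py /path/to/clamd.socket
    ok = selftest(sys.argv[1])
    print("clamd detects EICAR" if ok else "clamd self-test FAILED")
    sys.exit(0 if ok else 1)
```

If this check passes while mail carrying EICAR is still marked clean, the failure is on the path between the milter and clamd rather than in the signature database or the scan engine.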


[clamav-users] Error Message from clamd

2023-04-01 Thread Doug Hardie
I have started receiving the following error message on every received email:

Unable to determine the filepath given the file descriptor

FreeBSD 13.1, Postfix, clamav-milter, clamd
clamav-1.0.1,1

As a result the test virus is not detected, but the email gets a 
X-Virus-Status: Clean header added.  I can't find any description of this error 
anywhere.  How can I figure out what the problem is?

-- Doug




[Clamav-users] clamav 0.90 - FreeBSD 6.1

2007-02-22 Thread Doug Hardie

Another data point.

I upgraded from 0.88.7 to 0.90.  I use just clamav-milter driven from  
sendmail.  Version 0.88.7 worked fine.  Generally about every 2 to 3  
weeks it will hang and I have to restart it.  It's processing a  
couple hundred thousand email daily.  Version 0.90 seemed at first to  
run just fine.  However, after about 3 hours I started getting errors  
in the clamd log files.  So I tried switching to libthr as indicated  
in the earlier posts.  This seemed also to work except that I had  
consistent 0% idle time on the processor.  I run 70 - 80% idle with  
version 0.88.7.  I didn't let it run more than about an hour on 0.90  
as mail was starting to back up.  I had to switch back to 0.88.7.


However, as I look through the /etc/libmap.conf file I suspect that  
my libthr test was not valid.  I used:


[clamd]
libc_r.so.5 libthr.so.2
libc_r.so.6 libthr.so.2
libthr.so.2 libthr.so.2
libpthread.so.1 libthr.so.2
libpthread.so.2 libthr.so.2

I suspect the first line should have been:
[clamav-milter]

I am not going to subject my users to any more testing tonight.  I  
will have to retry that test again tomorrow evening. 
 
___

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] odd problem w/clamd

2005-06-10 Thread Doug Hardie


On Jun 10, 2005, at 13:21, [EMAIL PROTECTED] wrote:


At 12:54 PM 6/10/2005, you wrote:


* [EMAIL PROTECTED] [EMAIL PROTECTED] [20050610 22:49]:  
wrote:

 At 10:44 AM 6/10/2005, you wrote:

 Problems with 0.85.1 seem to be confined to FreeBSD.
 Anything interesting in /var/log/clamd.log?

 nothing interesting. records of viruses found, and the startup
 logging. that's it.

 i've adjusted the number of concurrent connections inbound to the
 AS/AV server, and that seems to have helped somewhat.

What is that adjustment supposed to do/achieve?



to try to alleviate the problem described. absent a known cause,  
one experiments, does one not?




If your server is a busy one, you may try increasing the MaxThreads
value in clamd.conf. It's worked for me.



as i mentioned, clamd 0.85.1 has been working fine for me as well,  
up until a few days ago when this issue arose. here's my clamd.conf:


MaxThreads 10


You may want to increase that.  I run with 100 and that seems to have  
avoided problems on FreeBSD 4.6 and 5.3.





Re: [Clamav-users] Re: Clamav-milter dies after working ok for some hours

2005-05-25 Thread Doug Hardie


On May 25, 2005, at 13:38, Stephen Gran wrote:


On Tue, May 24, 2005 at 11:43:45AM -0700, Doug Hardie said:


I believe I can make this occur at will (as long as there is a newer
database available).  However, I am running FreeBSD and don't know
for sure the equivalent to strace - ktrace perhaps.  Let me know
what you need and I will force it to hang.



Doug,

Can you run another test for me?  Try running the milter without
--external, but with --dont-wait.

It is difficult to tell from the sendmail source (it is a bit on the
hairy side) but it looks like it does not stop trying to use a milter if
one of the communications times out, which would explain this behavior.

--dont-wait changes the behavior at reload from timeout to immediate
tempfail.  If this fixes the problem, then we know exactly where the
issue is, and we can come up with a workaround (perhaps the workaround
is just use --dont-wait, but maybe something better)

A ktrace would also be great to confirm the internals, but just
confirmation that this makes the problem go away would be enough, I
think.  You are the first person I have talked to who can reliably
reproduce the problem, so unfortunately for you, you make the perfect
test case :)



Can do, but will have to wait till Sat.  I am leaving in 10 minutes  
to bring home son from college.  Will be gone 2 days.



Re: [Clamav-users] Re: Clamav-milter dies after working ok for some hours

2005-05-24 Thread Doug Hardie


On May 24, 2005, at 08:56, Damian Menscher wrote:


On Tue, 24 May 2005, N Fung wrote:


--- N Fung [EMAIL PROTECTED] wrote:


--- Christopher X. Candreva [EMAIL PROTECTED] wrote:



Try with clamd and use the --external option to
clamav-milter.



Would the 'internal' mode be working again soon?  Thanks.



It was broken in 0.84, and will not work until someone finds the  
bug. If you have time and skills in multithreaded programming, I  
strongly encourage you to look through the source code.


There are several of us who have not jumped ship to the --external
mode, and are instead trying to understand what is causing the
--internal mode to hang on occasion.  We'd appreciate help, though,
as this has proven to be a very difficult bug to squash.  In
particular, we need someone to capture an strace during a hang.
That will hopefully give a hint of exactly where it is hanging.


Compiling a list of hardware/software configurations that have/have  
not seen this bug would also be helpful.  For example, upgrading to  
a 2.6 kernel might be a solution, based on the reports I've seen.



I believe I can make this occur at will (as long as there is a newer  
database available).  However, I am running FreeBSD and don't know  
for sure the equivalent to strace - ktrace perhaps.  Let me know  
what you need and I will force it to hang.




Re: [Clamav-users] Re: Clamav-milter dies after working ok for some hours

2005-05-24 Thread Doug Hardie


On May 24, 2005, at 11:53, Stephen Gran wrote:


On Tue, May 24, 2005 at 11:43:45AM -0700, Doug Hardie said:


I believe I can make this occur at will (as long as there is a newer
database available).  However, I am running FreeBSD and don't know for
sure the equivalent to strace - ktrace perhaps.  Let me know what you
need and I will force it to hang.



truss, maybe?  You can force the milter to think there is an update
available by touch'ing the database file.  So, a full trace of a running
milter process from start up until it hangs would be great, if you can
do so.  I believe there are options to truss similar to those to strace
to make it follow forks and child processes and so forth - enabling
those are vital for this.

It's likely to be big, so putting it online somewhere for perusal may be
preferable to sending to the list if you can.  If not, can you send it
to me off-list, and I'll put it up somewhere?


ktrace is effectively the same thing as truss so I used it.  There  
are two files available:


http://www.lafn.org/clamav/ktrace.html
http://www.lafn.org/clamav/clamd.html

ktrace.html is the output of ktrace - it's about 14 MB
clamd.html is the clamd.log file entries - very small and probably of  
no value





Re: [Clamav-users] Re: Clamav-milter dies after working ok for some hours

2005-05-24 Thread Doug Hardie


On May 24, 2005, at 13:21, Stephen Gran wrote:


On Tue, May 24, 2005 at 12:54:47PM -0700, Doug Hardie said:


ktrace is effectively the same thing as truss so I used it.  There
are two files available:

http://www.lafn.org/clamav/ktrace.html
http://www.lafn.org/clamav/clamd.html

ktrace.html is the output of ktrace - it's about 14 MB
clamd.html is the clamd.log file entries - very small and probably of
no value



It is difficult to say from the provided ktrace file what is happening,
as there are no timestamps and all lines have the same pid.  One thing
that seems odd is that the milter appears to continue accepting and
processing input after a reload event has happened.  Not for the body,
but for all other milter events (header, connect, etc).  That is a start
at least.

Is there a way to log separately by pid or something with ktrace?  I
don't know it well, so I am not sure what arguments to tell you to pass
it.  Also, I am not sure that will even work - in a proper thread
implementation, all threads share a pid (but have different lwp id's) so
this may not be possible.


clamav-milter is only one process.  It has multiple threads but those  
are not visible to the kernel.  The problem does not occur  
immediately with a database reload.  It takes 10 or so minutes before  
it hangs/quits.  I suspect that the problem occurs when there are  
active messages that do not complete before some timeout value.   
clamav-milter is waiting for everything to go quiet, but on my  
receive mail server that never happens.  There are always 30-40  
active sendmail children.  As a result it never goes quiet.  I  
suspect that clamav-milter eventually gives up and that's when the  
problem occurs.  On my outgoing mail server which handles  
considerably less mail, most of the database updates do not cause a  
problem.  On my test server which handles 3 email daily it never  
causes a problem.


kdump will provide the timestamps if that would be helpful, but the  
entries are pretty much evenly spaced out over about a 5 minute  
period between when I touched the daily file and when it hung.




Re: [Clamav-users] Re: Clamav-milter dies after working ok for some hours

2005-05-24 Thread Doug Hardie


On May 24, 2005, at 19:30, Damian Menscher wrote:


On Tue, 24 May 2005, Doug Hardie wrote:


On May 24, 2005, at 13:21, Stephen Gran wrote:


On Tue, May 24, 2005 at 12:54:47PM -0700, Doug Hardie said:


http://www.lafn.org/clamav/ktrace.html
http://www.lafn.org/clamav/clamd.html



clamav-milter is only one process.  It has multiple threads but  
those are not visible to the kernel.  The problem does not occur  
immediately with a database reload.  It takes 10 or so minutes  
before it hangs/quits.  I suspect that the problem occurs when  
there are active messages that do not complete before some timeout  
value.  clamav-milter is waiting for everything to go quiet, but  
on my receive mail server that never happens.  There are always  
30-40 active sendmail children.  As a result it never goes quiet.   
I suspect that clamav-milter eventually gives up and that's when  
the problem occurs.  On my outgoing mail server which handles  
considerably less mail, most of the database updates do not cause  
a problem.  On my test server which handles 3 email daily it never  
causes a problem.




Just to bring you (and anyone else joining us) up to speed, here's  
a description of how it's supposed to work:


When there's a database update, the milter wants everything to be  
quiet. So it stops accepting new connections.  It then waits for  
the currently-running children to finish.  Once n_children drops to  
0, it reloads the database and resumes accepting connections.


At least, that's the theory.  In practice, n_children isn't ever  
hitting 0, so it stays in the !accepting state forever.  For  
example, in the ktrace you posted, n_children dropped from 7 down  
to 2.  The fact that it never reached 0 is the entire problem.  Of  
course, nobody knows *why* it isn't reaching 0.  It might be from a  
hung scanner thread, or from a pthreads race condition, or even a  
locking issue.


The hope was that getting an strace of each thread of a hung milter  
would provide information on which of those causes was at fault,  
and perhaps enable us to actually locate the bug.


I frequently see sendmail children alive for over 30 minutes and  
sometimes considerably longer.  Some connections are very slow at  
transferring data.  I would guess it's just not waiting long enough.
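
A minimal model of the reload sequence described in the quoted explanation above (stop accepting, wait for n_children to reach 0, reload, resume), as an added example that is not clamav-milter's code. The `ReloadGate` class and its `max_wait` bound are hypothetical, introduced here to show how a session count that stays above 0 keeps the reload from ever completing.

```python
import threading


class ReloadGate:
    """Hypothetical model of the accept/drain/reload cycle."""

    def __init__(self):
        self._cond = threading.Condition()
        self.accepting = True
        self.n_children = 0      # sessions currently being processed
        self.db_version = 1

    def begin(self):
        """Called for a new connection; False means 'refuse for now'."""
        with self._cond:
            if not self.accepting:
                return False
            self.n_children += 1
            return True

    def end(self):
        """Called when a session finishes."""
        with self._cond:
            self.n_children -= 1
            self._cond.notify_all()

    def reload(self, max_wait):
        """Stop accepting and wait for sessions to drain.

        max_wait=None waits forever, which is the behaviour described in
        the thread: if n_children never reaches 0 the gate stays closed.
        With a bound (an assumption of this sketch), the reload is
        skipped, the old database stays in use and accepting resumes.
        """
        with self._cond:
            self.accepting = False
            drained = self._cond.wait_for(
                lambda: self.n_children == 0, timeout=max_wait)
            if drained:
                self.db_version += 1   # stands in for the database reload
            self.accepting = True
            return drained


def demo():
    gate = ReloadGate()
    for _ in range(7):
        gate.begin()
    for _ in range(5):
        gate.end()                     # 7 sessions drop to 2, as in the trace
    first = gate.reload(max_wait=0.05)  # two slow sessions never finish
    state_after = (gate.accepting, gate.db_version, gate.n_children)
    gate.end()
    gate.end()                         # the slow sessions finally complete
    second = gate.reload(max_wait=0.05)
    return first, state_after, second, gate.db_version


if __name__ == "__main__":
    print(demo())
```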





Re: [Clamav-users] Re: clamav-milter quits (Doug Hardie)

2005-05-22 Thread Doug Hardie


On May 20, 2005, at 19:02, Stephen Gran wrote:


On Fri, May 20, 2005 at 08:49:32PM -0500, Damian Menscher said:


On Fri, 20 May 2005, Doug Hardie wrote:


On May 20, 2005, at 02:32, Trog wrote:



The accept call is done within Sendmail, I believe.



That would make sense except that the error message claims to be from
clamav-milter and the PID matches that of clamav-milter.



Actually Trog was right: the error message is generated by mi_listener()
in sendmail's .../libmilter/listener.c.  It's rather silly of sendmail
to log as if it's the milter, but there you have it.



Well, actually that would make it clamav-milter - it links
libmilter, and so uses all that code, right?  I mean, it is sendmail
code, but it's the binary clamav-milter that makes the error, if you see
what I mean.


It's definitely clamav-milter which calls libmilter which does the  
mi_listener right up front.  Unfortunately there is no indication of  
which argument to accept is causing the problem.  Looking around the  
info on the web indicates the most common usage of ERANGE is when a  
buffer is too small which would indicate a problem with the sockaddr.


I believe now that this problem is occurring within about 10 minutes  
after a database reload.  However, I am not seeing the same log  
messages that have been previously reported with this situation and  
on a test server that handles about 3 email daily there is no  
problem.  So, I am guessing that this problem only occurs if there is  
some current activity at the time a database update occurs.



Re: [Clamav-users] clamav-milter quits

2005-05-21 Thread Doug Hardie


On May 21, 2005, at 02:23, Nigel Horne wrote:


On Friday 20 May 2005 14:44, Craig Green wrote:






 clamav 0.85.1 on two servers.  Both quit right about midnight.  I
found the following log entries on one of them:



Are you using FreeBSD?




We've had the milter quit on a couple of FreeBSD servers here--on 0.85,
anyway.  We thought it was upon DB updates, but weren't certain.
Switching to --external seems to have helped, anyway.  We now run .85.1,
but we're still using --external so I don't know if the problem still
exists.



That's your problem. You've removed the quotes from your original post in
this followup (note to others - please don't do this, when there are a lot
of support emails you need help to put them all together - relying on my
memory isn't a good idea ;-) ) so I can't remember the exact text and do
the googling for you, but I do know that a bit of googling will point you
into the direction of a freebsd patch.



Craig.


Now I am a bit confused too.  I can't tell if the patch you are  
referring to is in response to Craig or me.  In any case, I have  
tried to locate this patch looking for various combinations of   
clamav, clamav-milter, freebsd, 0.85.1 and a few others I don't  
recall.  The closest I have come is to a long discussion of a memory  
leak but I don't find any resolution or patch associated with that.   
What is the patch to?




[Clamav-users] clamav-milter quits

2005-05-20 Thread Doug Hardie
 clamav 0.85.1 on two servers.  Both quit right about midnight.  I  
found the following log entries on one of them:

May 19 23:40:07 zoon clamav-milter[75664]: ClamAv: accept() returned invalid socket (Result too large), try again
May 19 23:40:43 zoon last message repeated 8 times
May 19 23:42:53 zoon last message repeated 34 times
May 19 23:43:43 zoon last message repeated 4 times
May 19 23:43:58 zoon clamav-milter[75664]: ClamAv: accept() returned invalid socket (Result too large), abort
May 19 23:44:14 zoon clamav-milter[75664]: Stopping ClamAV version 0.85.1, clamav-milter version 0.85

I don't find an accept() anywhere in clamav-milter.  It is not using  
clamd.  The only message I find in the code is the last one.  The  
Result too large appears to be an error message of ERANGE but can't  
tell what call was involved.  ERANGE is not listed as one of the  
accept() errors.  The only thing I can think of is that on this  
server, it generates potentially several hundred short emails in a  
couple minutes shortly after midnight.  Perhaps they are overloading  
it?  The other server has no such similar load.  It's a quite lightly  
used mail server.  Didn't find any messages for it anywhere.


Re: [Clamav-users] Re: clamav-milter quits (Doug Hardie)

2005-05-20 Thread Doug Hardie
On May 20, 2005, at 02:32, Trog wrote:
On Fri, 2005-05-20 at 10:22 +0100, G.W. Haywood wrote:
Hi there,
On Fri, 20 May 2005 Doug Hardie wrote:

clamav 0.85.1 on two servers.  Both quit right about midnight.
I found the following log entries on one of them:
...
I don't find an accept() anywhere in clamav-milter.
It's a system call.  Check out 'man accept' (on a Unix-like system:).
I think he knows that.
The accept call is done within Sendmail, I believe.
That would make sense except that the error message claims to be from  
clamav-milter and the PID matches that of clamav-milter.



[Clamav-users] Force email scanning

2005-05-19 Thread Doug Hardie
I am using sendmail with clamav-milter to scan email.  Normally  
clamav-milter does not scan messages from the LAN or the machine  
unless you direct it to do so via the flags.  I would like to be able  
to put something into a message such that it would be scanned even  
though it would otherwise not be scanned - in essence an override  
of the non-scanning options for that specific message.  I can make  
this happen by using -o but then all the locally generated mail is  
scanned which is not really necessary.


[Clamav-users] clamav-milter logging

2005-05-17 Thread Doug Hardie
I have been running clamav 0.82.1 for some time without any known  
problems.  However, I finally have the time to upgrade and brought  
down the FreeBSD port for 0.85.1 and installed it.  Everything seems  
to work properly except for clamav-milter logging.  I had been  
running clamav-milter connecting to clamdscan and have now switched  
to clamav-milter doing it all.  When using clamd there would be only  
one entry in clamd.log for each virus detected.  Now, I am seeing 3  
entries for each virus:

May 17 16:31:51 zool clamav-milter[46052]: Starting ClamAV version 0.85.1, clamav-milter version 0.85
May 17 16:32:31 zool clamav-milter[46052]: j4HNWUpC046057: /tmp/clamav-080ef64658702e7c/msg.QPKiDh: ClamAV-Test-Signature Intercepted virus from [EMAIL PROTECTED] to [EMAIL PROTECTED]
May 17 16:32:31 zool clamav-milter[46052]: j4HNWUpE046057: /tmp/clamav-080ef64658702e7c/msg.E9oA85: ClamAV-Test-Signature Intercepted virus from  to [EMAIL PROTECTED]
May 17 16:32:31 zool clamav-milter[46052]: j4HNWUpG046057: /tmp/clamav-080ef64658702e7c/msg.wqGWOM: ClamAV-Test-Signature Intercepted virus from  to [EMAIL PROTECTED]

Why is this occurring and is there a way to get it back to only one  
entry?  I grep through clamd.log daily for Intercepted virus to  
generate notifications to users of the viruses intercepted.


Re: [Clamav-users] clamav-milter logging

2005-05-17 Thread Doug Hardie
On May 17, 2005, at 17:24, Doug Hardie wrote:
I have been running clamav 0.82.1 for some time without any known  
problems.  However, I finally have the time to upgrade and brought  
down the FreeBSD port for 0.85.1 and installed it.  Everything  
seems to work properly except for clamav-milter logging.  I had  
been running clamav-milter connecting to clamdscan and have now  
switched to clamav-milter doing it all.  When using clamd there  
would be only one entry in clamd.log for each virus detected.  Now,  
I am seeing 3 entries for each virus:

May 17 16:31:51 zool clamav-milter[46052]: Starting ClamAV version 0.85.1, clamav-milter version 0.85
May 17 16:32:31 zool clamav-milter[46052]: j4HNWUpC046057: /tmp/clamav-080ef64658702e7c/msg.QPKiDh: ClamAV-Test-Signature Intercepted virus from [EMAIL PROTECTED] to [EMAIL PROTECTED]
May 17 16:32:31 zool clamav-milter[46052]: j4HNWUpE046057: /tmp/clamav-080ef64658702e7c/msg.E9oA85: ClamAV-Test-Signature Intercepted virus from  to [EMAIL PROTECTED]
May 17 16:32:31 zool clamav-milter[46052]: j4HNWUpG046057: /tmp/clamav-080ef64658702e7c/msg.wqGWOM: ClamAV-Test-Signature Intercepted virus from  to [EMAIL PROTECTED]

Why is this occurring and is there a way to get it back to only one  
entry?  I grep through clamd.log daily for Intercepted virus to  
generate notifications to users of the viruses intercepted.
___
I just noticed the last entry is to postmaster.  I don't understand  
why that would occur.  clamav-milter is running with:

-qfC
I have the f in there because it's a test machine that doesn't  
normally handle mail so I need it to check all mail.


[Clamav-users] Virus Volumes

2005-04-13 Thread Doug Hardie
I have been running clamav for quite some time now.  For most of that 
time I was receiving between 1500 and 2000 viruses per day.  However, 
lately the number is down to about 200 per day.  I don't have any users 
complaining about receiving viruses so I don't think there is a problem 
with clamav.  Is the virus volume really decreasing?



Re: [Clamav-users] Virus Volumes

2005-04-13 Thread Doug Hardie
We have a number of those in operation, but they haven't really changed 
since introducing clamav.

On Apr 13, 2005, at 09:12, Christopher X. Candreva wrote:
On Wed, 13 Apr 2005, Doug Hardie wrote:
I have been running clamav for quite some time now.  For most of that 
time I
was receiving between 1500 and 2000 viruses per day.  However, lately 
the
number is down to about 200 per day.  I don't have any users 
complaining about
receiving viruses so I don't think there is a problem with clamav.  
Is the
virus volume really decreasing?
Are you doing any other firewalling/blocking ?  Blocking dynamic IP 
ranges
and IP's without reverse DNS put quite a dent in the number of viruses 
we
found at the scanner level.

==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/


Re: [Clamav-users] clamd exiting on signal 4 (FreeBSD)

2004-11-18 Thread Doug Hardie
On Nov 18, 2004, at 05:11, Robert Blayzor wrote:
I've been running clamd 0.80 for the past several weeks without any 
problems.  Suddenly in the last two days two different machines had 
clamd die and exit on signal 4. (SIGILL)

I tried looking for a core file but could not find one and the 
FreeBSD_4.x kernel did not say it dumped a core file.  Other 
setuid/gid programs seem to drop core fine and we seem to have the 
proper sysctl settings setup to do so.

I thought this was an isolated incident when the first server died 
yesterday, but this morning we had a totally different server do the 
same thing.  Is clamd trapping SIGILL?

Late update:  Appears that clamd was stripped of debugging symbols so 
probably no core files from that.  So is anyone else seeing clamd 
(0.80) exit on SIGILL ?
I have been running 0.80 on FreeBSD 4.6 (2 systems) for about a month 
and have not seen that problem.  It has been remarkably stable.

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks

2004-11-15 Thread Doug Hardie
On Nov 15, 2004, at 04:37, Julian Mehnle wrote:
Trog [EMAIL PROTECTED] wrote:
I am, unfortunately, familiar with SpamCop (and all the other similar
'tools'). As a listed contact for over 16million Internet IP 
addresses I
receive notices from such 'tools' all the time, and I've *never* had
one that is accurate yet.

They are incredibly dumb pieces of software that achieve nothing other
than annoying innocent sys admins and giving their mis-guided users a
warm feeling. Please stop using them [1].
Sorry, your rant is too vague to convince me.  I have heard a lot of 
fuzzy
criticism regarding SpamCop but nothing really concrete.
I administer an ISP and I receive numerous complaints about spammers 
via SpamCop.  During the last 6 years only one has actually proved to 
point to a problem.  One of my users had a virus and didn't know it.  
They parse the headers in the text of the message and presume they are 
valid.  That is the problem.  Those headers are almost always bogus.  
Only one of these messages actually traversed my ISP.  They just end 
up pestering me.  Basically I ignore them unless there is something 
that looks fishy.



Re: [Clamav-users] Re: TCP and UDP ports used by clamd

2004-11-01 Thread Doug Hardie
On Nov 1, 2004, at 09:53, René Berber wrote:
Nico,
Now my question: why is clamd listening on a TCP port (only one port 
but
the
This is fine, ClamD has to listen on a port otherwise no program 
would be
able to communicate with it. The port should be identical with the one
listed in the clamd.pid file in case you're using it.
I'm not sure about this.  The port is not usable, I did use telnet on 
it and
it connects but does not respond to anything (ping, version) and then
disconnects... at the same time clamd log shows an error select() 
error...

On the other hand, if clamd _needed_ a TCP port it should be one we 
could
configure (my configuration has the TCP port commented out, only the 
socket
is defined), to avoid the exact problem I had with Tripplite's program
complaining that the port it uses was not free.

port number varies) and also on 1,467 UDP ports?
I was just about asking the same question. Over time ClamD (not 
FreshClam)
opens (and leaves open) more and more UDP connections. Environment is
Cygwin, latest Cygwin1.dll snapshot version  latest (dev) versions 
of gcc
and modules.
It helps to know I'm not the only one seeing this odd behavior; this 
could
be a bug inside Cygwin if nobody else has seen this in other operating
systems.  I'll check and see if that's the problem.


FreeBSD 4.6 with clamav-.80 running for over a week.  Clamd normally 
only has 2 sockets open:  one for the input from clamav-milter and the 
other to syslog.  However, every now and then it has 5 sockets open.  2 
of them are tcp and the port is quite large.  One is open to the world 
and the other connected to localhost.  They only last less than a 
second.



Re: [Clamav-users] Performance Help - 100% cpu usage

2004-10-26 Thread Doug Hardie
On Oct 25, 2004, at 23:05, Odhiambo Washington wrote:
I would suggest that you DisableDefaultScanOptions in clamd.conf
and tune values according to your system. My servers do slightly
more than 800 smtp transfers per hour and I found out that working
with the DisableDefaultScanOptions commented out brought my server
to its knees. And my server is almost like yours, except it's Pentium
III Xeon 500MHz.
At any given moment, my SMTP service has average 300 child processes
so I used that value for MaxConnectionQueueLength. I am not sure
that is quite what it should be, but works for me is the key thing ;)
Those numbers seem unusual to me.  I am handling over 2800 emails per 
hour.  I don't recall ever seeing more than about 50 sendmail child 
processes active (except after an extended down period but even then it 
doesn't seem to get much above 150).

CPU: Pentium III/Pentium III Xeon/Celeron (701.59-MHz 686-class CPU)
Single processor, FreeBSD 4.6, clamav 0.80.  CPU utilization sits 
between 80 and 95% idle.



Re: [Clamav-users] clamav-milter configuration options

2004-10-12 Thread Doug Hardie
On Oct 11, 2004, at 18:43, Scott Rothgaber wrote:
Doug Hardie wrote:

The list of parameters I use is too long for a command line.
Oh, come on! What's so bad about...
/usr/local/sbin/clamav-milter -l -i /var/run/clamav/clmilter.pid
-F /usr/local/etc/sig.txt /var/run/clamav/clmilter.sock
;-)
Take a quick look at the source. It's already on the developers' TODO 
list.
Thanks.  I can wait.  Having long lines for initiation are not good.  I 
have encountered quite a few situations in the last month where clamav 
just stopped working properly and had to be manually restarted.  If I 
am not at a terminal then I have to tell someone over the phone what to 
type to start it.  No way am I going to remember all that correctly or 
have it entered correctly.  Configuration files make things very clean 
and avoid problems.



Re: [Clamav-users] clamav-milter configuration options

2004-10-12 Thread Doug Hardie
No.  FreeBSD
On Oct 12, 2004, at 01:25, Nigel Horne wrote:
> On Monday 11 Oct 2004 23:22, Doug Hardie wrote:
>> I would like to see clamav-milter have a configuration file.  Either
>> clamd.conf or a separate one would be fine.  The list of parameters I
>> use is too long for a command line.
>
> Are you using Red Hat Linux? If so already do that by modifying
> /etc/sysconfig/clamav-milter
>
> -Nigel
> --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk


[Clamav-users] clamav-milter parameters

2004-10-11 Thread Doug Hardie
I would like to see clamav-milter be able to read its parameters from a 
file (clamd.conf or a separate file would be fine).  The command line I 
am using is just too long to manage easily.



[Clamav-users] clamav-milter configuration options

2004-10-11 Thread Doug Hardie
I would like to see clamav-milter have a configuration file.  Either 
clamd.conf or a separate one would be fine.  The list of parameters I 
use is too long for a command line.




Re: [Clamav-users] bug in clamav-milter PID file handling

2004-09-24 Thread Doug Hardie
On Sep 24, 2004, at 13:48, [EMAIL PROTECTED] wrote:
> Matthew.van.Eerde wrote:
>> There seems to be a problem with clamav-milter's --pidfile option.
>
> I retract this.  The --pidfile option is fine.

Line 1408 of clamav-milter.c has
fprintf(fd, "%d\n", (int)getpid());
which will put a \n at the end of the pid value in the pid file.
ClamAV 0.80rc2/503/Thu Sep 23 12:32:44 2004 clamav-milter version 0.80 
on zoon.lafn.org




Re: [Clamav-users] bug in clamav-milter PID file handling

2004-09-24 Thread Doug Hardie
On Sep 24, 2004, at 16:30, [EMAIL PROTECTED] wrote:
> Doug Hardie wrote:
>> On Sep 24, 2004, at 13:48, [EMAIL PROTECTED] wrote:
>>> Matthew.van.Eerde wrote:
>>>> There seems to be a problem with clamav-milter's --pidfile option.
>>>
>>> I retract this.  The --pidfile option is fine.
>>
>> Line 1408 of clamav-milter.c has
>> fprintf(fd, "%d\n", (int)getpid());
>> which will put a \n at the end of the pid value in the pid file.
>
> Yes but I retract my opinion that this is a problem.  kill `cat
> clamav-milter.pid` wasn't working, and I wrongly blamed this on the
> newline.
> It turned out after experiment that kill $PID wasn't working either.
> But killall clamav-milter worked so I'm going with that.

The \n should not be in that print statement.  I use the pid file for 
checking to be sure servers are still running and that requires that 
the code be modified for that particular situation.




Re: [Clamav-users] announcing ClamAV 0.80rc

2004-09-21 Thread Doug Hardie
I have looked all over the clamav.net web pages and I can't find it.  
Where is it?




[Clamav-users] Virus Distribution

2004-09-08 Thread Doug Hardie
I have a cron job that scans the clamd.log file every day and counts 
the specific viruses found.  While the numbers tend to vary a bit from 
day to day the relative ratios between the various viruses found tend 
to stay the same - except for Worm.Zafi.B.  One day it will find 1100 
of them and the next day 8.  It is never consistent.  I am not seeing 
any significant number of viruses slipping through.  It seems to be 
some sort of distribution issue with that virus itself.  The others all 
seemed to come on strong at first and then die down to residual 
annoyances.  But not this one.  It keeps coming back in volume 
periodically.  Any ideas what makes this one so different from the 
rest?




Re: [Clamav-users] Virus Distribution

2004-09-08 Thread Doug Hardie
Those certainly could be it, but it is unusual compared with the other 
viruses we see daily.  I wonder if there is more to this one than has 
been found yet.

On Sep 8, 2004, at 12:40, Timo Schöler wrote:
> Thus spake Doug Hardie sometime Today...
>> On Sep 8, 2004, at 12:16, Timo Schöler wrote:
>>> Doug Hardie wrote:
>>>> I have a cron job that scans the clamd.log file every day and
>>>> counts the specific viruses found.  While the numbers tend to vary
>>>> a bit from day to day the relative ratios between the various
>>>> viruses found tend to stay the same - except for Worm.Zafi.B.  One
>>>> day it will find 1100 of them and the next day 8.  It is never
>>>> consistent.  I am not seeing any significant number of viruses
>>>> slipping through.  It seems to be some sort of distribution issue
>>>> with that virus itself.  The others all seemed to come on strong at
>>>> first and then die down to residual annoyances.  But not this one.
>>>> It keeps coming back in volume periodically.  Any ideas what makes
>>>> this one so different from the rest?
>>>
>>> perhaps this may be interesting stuff for you:
>>> http://www.cs.berkeley.edu/~nweaver/sapphire/
>>
>> Thanks but I would expect from that that the worm activity would tend
>> to die down to a relatively constant nuisance level.  However, it's
>> not doing that; every couple days I get another flood of them.
>
> there may be several reasons:
> i) changing network behaviour (route flaps, etc.)
> ii) changing effectiveness of virus filters et al.
> iii) built-in automatisms in worm/virus itself
> NB: it is not always best to spread a virus/worm at the highest
> available speed (depends on number of infected hosts, bandwidth
> available to the hosts, etc.).
>
> i'm sure i missed another point i didn't think of now ;)
> --
> mit vorzueglichster Hochachtung/best regards,
> Timo Schoeler
> //macfinity -- finest IT services | Triftstrasse 39 | 13353 Berlin |
> Germany
> Fon ++49 30 25 20 30 20 | Fax ++49 30 25 20 30 19
> PGP data http://www.macfinity.net/~tis/contact/PGPPKB_timo.schoeler.txt





[Clamav-users] Unusual Problem

2004-08-22 Thread Doug Hardie
I have two mail servers.  One is used by users sending mail, the other 
receives mail.  When a user sends me mail it goes through both servers.  
Both are running sendmail with clamav-milter and clamav.  Normally I 
see the following header elements in such mail:

    X-Virus-Scanned: clamd / ClamAV version 0.75.1, clamav-milter version 0.75c on zoon.lafn.org
    X-Virus-Scanned: clamd / ClamAV version 0.75.1, clamav-milter version 0.75c on zoot.lafn.org

I have one user who has been trying for days to send me a message.  He 
has not been able to tell me the error message he gets accurately so I 
had no idea what was happening.  However, today he got one through to 
me.  It contains a virus, CHRISTM3.EXE.  Now I know why he was having a 
hard time sending to me.  However, he eventually succeeded.  The 
message has the virus and no clamav headers from either system.  There 
is quite a bit of time lag between when it was accepted by the send 
server and when it was accepted by the receive server so the send 
server must have kept trying over and over again till it managed to get 
it through.  The lack of messages indicates that somehow it got through 
without invoking clam-milter.  Any ideas how that could have occurred?  
I see no evidence of any significant mail loads during that time.  The 
actual volume of mail was very low at that time.  No system errors were 
generated and no other evidence of other mail slipping through.  Every 
message I check around them shows the clamav headers and check messages 
in maillog.




Re: [Clamav-users] clamd segment violations

2004-07-30 Thread Doug Hardie
I just noticed that clamd has a large number of files opened that the 
directory entries have been deleted.  There are well over a hundred of 
them.  The sizes appear to be about right for emails.

On Jul 28, 2004, at 15:16, Doug Hardie wrote:
> I am running
> FreeBSD 4.6
> ClamAV version devel-20040728
> clamav-milter version 0.75b
> Sendmail 8.12.3p3
> I was using clamav-0.70-rc for a long time because it was stable and
> never crashed.  However, it started missing a lot of newer viruses so
> I upgraded to the version above.
>
> Clamd is giving a segment violation every 2 to 6 hours and I have to
> restart it.  Thousands of messages are scanned while it is still
> running.   I have used the following different configure commands and
> I don't see any real change in the behavior:
>
> configure --disable-urandom --enable-milter
> configure --disable-urandom --enable-milter --enable-bigstack
> I tried the following configure command but it fails to complete:
> configure --disable-pthreads --disable-urandom --enable-milter --enable-bigstack
> checking for mi_stop in -lmilter... no
> configure: error: Cannot find libmilter
>
> I need to get back to a stable version.  Any ideas on what I should
> try?



Re: [Clamav-users] clamd segment violations

2004-07-29 Thread Doug Hardie
On Jul 29, 2004, at 00:32, Trog wrote:
> On Wed, 2004-07-28 at 23:16, Doug Hardie wrote:
>> I was using clamav-0.70-rc for a long time because it was stable and
>> never crashed.  However, it started missing a lot of newer viruses so
>> I upgraded to the version above.
>>
>> Clamd is giving a segment violation every 2 to 6 hours and I have to
>> restart it.  Thousands of messages are scanned while it is still
>> running.   I have used the following different configure commands and
>> I don't see any real change in the behavior:
>
> Please attach gdb to the running clamd and do a backtrace when it
> crashes.

Here is the first attempt:
[Switching to process 86282, thread 2]
Program received signal SIGSEGV, Segmentation fault.
0x281299a9 in _spinlock_debug () from /usr/lib/libc_r.so.4
(gdb)
Continuing.
I have no idea why it decided to continue at that point.  Anyway it 
just quit as normal so I couldn't get anything useful.  Trying again.  
Somehow I manage to miss the crashes.




[Clamav-users] clamd segment violations

2004-07-28 Thread Doug Hardie
I am running
FreeBSD 4.6
ClamAV version devel-20040728
clamav-milter version 0.75b
Sendmail 8.12.3p3
I was using clamav-0.70-rc for a long time because it was stable and 
never crashed.  However, it started missing a lot of newer viruses so I 
upgraded to the version above.

Clamd is giving a segment violation every 2 to 6 hours and I have to 
restart it.  Thousands of messages are scanned while it is still 
running.   I have used the following different configure commands and I 
don't see any real change in the behavior:

configure --disable-urandom --enable-milter
configure --disable-urandom --enable-milter --enable-bigstack
I tried the following configure command but it fails to complete:
configure --disable-pthreads --disable-urandom --enable-milter 
--enable-bigstack
checking for mi_stop in -lmilter... no
configure: error: Cannot find libmilter

I need to get back to a stable version.  Any ideas on what I should try?



Re: [Clamav-users] syslog facility

2004-04-05 Thread Doug Hardie
On Apr 5, 2004, at 15:56, rosander wrote:

> Can anyone comment if clamd supports setting specific syslog facilities
> and if so how I would set it in the conf file? I perused the
> documentation but nothing popped out at me except the switch to enable
> output to syslog.

The facility is hard coded to LOG_LOCAL6 in the source.  I doubt that 
much is alterable without changing the source and rebuilding.





Re: [Clamav-users] Troubles with recent clamav's

2004-03-19 Thread Doug Hardie
On Mar 19, 2004, at 05:17, Robert Blayzor wrote:

> On 3/18/04 5:40 PM, Doug Hardie [EMAIL PROTECTED] wrote:
>
>> My quick look at the code behind --disable-urandom gave me the
>> impression that it only disabled the test for urandom and forced clamd
>> to use urandom.  That's why I manually deleted the define.  I guess I
>> will have to look a bit closer.  That would be easier to remember when
>> moving to a new version.
>
> From what I read through configure is that when using --disable-urandom
> it reverts back to using just rand().  Since I did this, our servers
> have been running 14+ hours without a single hang and all the databases
> seem to have loaded with a second or two instead of multiple minutes.
>
> I'm hoping that this urandom problem is addressed in the future.  I'm
> not exactly sure of what the problem is and why clamd hangs, disabling
> /dev/urandom should not be the fix, but rather the workaround.

Well, I went back and rebuilt clamd with --disable-urandom and that's 
exactly what it does.  It comments out the define of C_URANDOM.  I 
don't quite see how it does that yet, but that's not important.  It makes 
clamd stable for me.  I agree that not checking for errors in the read 
statement is incorrect, but the workaround does work.





Re: [Clamav-users] Troubles with recent clamav's

2004-03-16 Thread Doug Hardie
On Mar 16, 2004, at 11:48, Everton da Silva Marques wrote:

> On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote:
>> I am running clamav under SunOS 5.8.  Ever since version 0.67 (or so,
>> I am not checking them regularly) , I have been unable to leave ClamAV
>> running. It does run, but after some minutes, it stops processing
>> emails. It is still running, in fact, it uses up to 85% of the CPU(!),
>> but no email goes thru. Did anyone else experience this problem?
>
> Yes.
>
> I have posted a similar issue here:
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html
>
> Doug Hardie is tracking a similar issue:
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg06907.html

The problem I encountered has now been identified and I have a working  
clamd that does not hang.  I compiled it two different ways and both  
worked.  The problem was /dev/urandom returning either a -1 or a 0.   
Either of those will cause others.c to hang as it does not test for  
that condition.  One approach was to put in a trivial test for it and  
exit from the loop.  The other was to remove the define for C_URANDOM  
in the .h file.  Both of those approaches worked in my testing.  Since  
I couldn't easily determine if the first would have some side effects  
if it didn't return enough random bits, I have gone with the second  
approach.  My production server has been running for slightly over 6  
hours now and no problems have been seen.

In case it might help someone else, the approach I used to find the  
problem was to use a test system and pass a large number of directories  
(The FreeBSD source code) to clamdscan and let it beat clamd up for  
about 5 minutes.  Then I let it finish what it could and return to its  
idle state.  At that point it was using all the available CPU time.   
I entered it via gdb and let it single step around awhile to find out  
where it really was and what was going on.  Ktrace was not helpful as  
it kept showing a poll with a time period of 0.  Apparently the poll is  
in the read code.  A messy way to test, but it worked.





Re: [Clamav-users] Problems with clamd

2004-03-15 Thread Doug Hardie
On Mar 8, 2004, at 13:18, Doug Hardie wrote:

> After a review of clamd/session.c and the developers forum archives I
> know what the cause of my problem is, but not necessarily why.  The
> version that works (clamd / ClamAV version devel-20040209',
> clamav-milter version '0.66m) does not use either poll or select.  At
> least neither is called directly.  All of the later versions use
> select and they fail - when calling poll.  So I suspect that on my
> system select is calling poll.  However, the time field is getting
> set to zero when the source code clearly indicates that it should be
> non-zero.  The time field is reset to a constant after each select
> call.  Recompiling with no optimization does not change the outcome
> so it's not likely to be an overlay either.  I am guessing that
> having quite a number of threads active may be too much for select
> which may be getting them confused.  However, that's a wild guess.  I
> have no idea how to check that out.
>
> Granted I am only working with one OS type/version, but it appears to
> me that neither the poll or select is required.  The accept seems to
> handle the situation fine by itself.

The above should have included both session.c and scanner.c.
I have been playing with .70rc and have finally found a way to create 
the problems above on a test system.  It's bizarre, but what I do is 
feed all the source to FreeBSD to clamdscan and wait until top shows 
virtually no idle time.  Stopping the feed leaves clamd running and 
eating up all the processor.  Then I can run gdb on it.  It shows some 
(but not all) of the threads are hung around line 282 of cl_rndnum in 
others.c.  It is trying to read /dev/urandom and appears to be getting 
back zero bytes (or possibly a -1) and just sits in that loop forever.  
I can't imagine why urandom is failing as it doesn't seem to fail in 
any other application.  Unfortunately, I was not able on the first try 
to figure out how to print out bread.  gdb kept saying it didn't exist.  
I am tempted to insert the statement:

 if (bread <= 0) break;

after the read statement but don't know what side effects that might 
cause.  I'll probably give it a try and see what breaks.





Re: [Clamav-users] Problems with clamd

2004-03-15 Thread Doug Hardie
On Mar 15, 2004, at 18:44, Doug Hardie wrote:

> On Mar 8, 2004, at 13:18, Doug Hardie wrote:
>
>> After a review of clamd/session.c and the developers forum archives
>> I know what the cause of my problem is, but not necessarily why.
>> The version that works (clamd / ClamAV version devel-20040209',
>> clamav-milter version '0.66m) does not use either poll or select.
>> At least neither is called directly.  All of the later versions use
>> select and they fail - when calling poll.  So I suspect that on my
>> system select is calling poll.  However, the time field is getting
>> set to zero when the source code clearly indicates that it should be
>> non-zero.  The time field is reset to a constant after each select
>> call.  Recompiling with no optimization does not change the outcome
>> so it's not likely to be an overlay either.  I am guessing that
>> having quite a number of threads active may be too much for select
>> which may be getting them confused.  However, that's a wild guess.  I
>> have no idea how to check that out.
>>
>> Granted I am only working with one OS type/version, but it appears
>> to me that neither the poll or select is required.  The accept seems
>> to handle the situation fine by itself.
>
> The above should have included both session.c and scanner.c.
> I have been playing with .70rc and have finally found a way to create
> the problems above on a test system.  It's bizarre, but what I do is
> feed all the source to FreeBSD to clamdscan and wait until top shows
> virtually no idle time.  Stopping the feed leaves clamd running and
> eating up all the processor.  Then I can run gdb on it.  It shows some
> (but not all) of the threads are hung around line 282 of cl_rndnum in
> others.c.  It is trying to read /dev/urandom and appears to be getting
> back zero bytes (or possibly a -1) and just sits in that loop forever.
> I can't imagine why urandom is failing as it doesn't seem to fail in
> any other application.  Unfortunately, I was not able on the first try
> to figure out how to print out bread.  gdb kept saying it didn't
> exist.  I am tempted to insert the statement:
>
>  if (bread <= 0) break;
>
> after the read statement but don't know what side effects that might
> cause.  I'll probably give it a try and see what breaks.

With that change clamd withstood the barrage of source thrown at it and 
returned eventually to zero CPU utilization.  If it would be of any 
help/interest I could put some form of logging in that check and see 
what the return was.
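
The read-loop hang discussed in this message and in the 2004-03-16 and 2004-03-19 messages above, as an added example that is not part of the original posts and is not ClamAV's code. The function names are hypothetical, and a pipe with a limited number of bytes is a constructed stand-in for a random device that returns 0 or -1.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed model of the failure mode: the loop only advances on a
 * positive read() and never tests for 0 (EOF) or -1 (error).
 * max_iters exists only so this demo terminates; without it the loop
 * spins forever at full CPU. Returns the number of read() calls made. */
static long unchecked_fill(int fd, unsigned char *buf, size_t len, long max_iters)
{
    size_t got = 0;
    long iters = 0;
    while (got < len && iters < max_iters) {
        ssize_t bread = read(fd, buf + got, len - got);
        if (bread > 0)
            got += (size_t)bread;
        iters++;
    }
    return iters;
}

/* Checked variant: returns 0 only when buf is completely filled.
 * Any 0 or -1 from read() (other than an interrupted call) ends the
 * loop with -1, so the caller never uses a partly filled buffer and
 * can fall back to another source or fail closed. */
static int checked_fill(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t bread = read(fd, buf + got, len - got);
        if (bread > 0) {
            got += (size_t)bread;   /* short read: keep going */
            continue;
        }
        if (bread < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        return -1;                  /* 0 (EOF) or a real error */
    }
    return 0;
}

/* Constructed test source: a pipe holding `available` bytes whose write
 * end is closed, so read() returns 0 once the bytes are consumed. */
static int source_with(size_t available)
{
    int p[2];
    unsigned char junk[16] = {0};
    if (available > sizeof junk || pipe(p) != 0)
        return -1;
    if (available > 0 && write(p[1], junk, available) != (ssize_t)available) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);
    return p[0];
}

/* Result of checked_fill() when the source holds `available` bytes. */
int demo_checked(size_t available, size_t wanted)
{
    unsigned char buf[16];
    int fd = source_with(available);
    int rc;
    if (fd < 0 || wanted > sizeof buf)
        return -2;
    rc = checked_fill(fd, buf, wanted);
    close(fd);
    return rc;
}

/* Number of read() calls the unchecked loop burns on an empty source. */
long demo_unchecked_spins(long cap)
{
    unsigned char buf[8];
    int fd = source_with(0);
    long n;
    if (fd < 0)
        return -1;
    n = unchecked_fill(fd, buf, sizeof buf, cap);
    close(fd);
    return n;
}

int main(void)
{
    printf("checked, 8 of 8 bytes available: %d\n", demo_checked(8, 8));
    printf("checked, 4 of 8 bytes available: %d\n", demo_checked(4, 8));
    printf("unchecked, empty source, read() calls: %ld\n",
           demo_unchecked_spins(1000));
    return 0;
}
```
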





Re: [Clamav-users] usefulness of complaining to abuse@whatever.com for Netsky/Bagle

2004-03-14 Thread Doug Hardie
On Mar 14, 2004, at 11:57, jef moskot wrote:

> It looks like you get the proper IP of the offending machine firing off
> these worms in the header (even though everything else is forged).
> Is there any point in telling [EMAIL PROTECTED] that one of their DSL
> customers is spamming the Internet with noxious messages?  Anyone have
> any experience regarding these warnings being responded to properly?
>
> I know you can often get educational and small business sys admins to
> take care of the problem (and often they're thankful of the warning), but
> I wonder if it's worth the effort to notify the big guys.

It all depends on the person first receiving the notice at 
giantISP.com.  If they feel they have to go to management, forget it.  
You will never get anything accomplished except for a string of denials 
that it came from their users.  However, there are occasions where it 
gets seen by someone who knows what they are doing and takes care of 
the situation.





Re: [Clamav-users] ScanMail destabilizing clamd?

2004-03-06 Thread Doug Hardie
On Mar 5, 2004, at 11:54, Everton da Silva Marques wrote:

> Hi,
>
> I'm testing clamd from CVS as of 2004-03-04
> under Solaris 7 on Sparc with the following
> basic config:
>
> # clamav.conf
> LogFile /var/adm/clamav/clamd.log
> LogFileMaxSize 10M
> LogTime
> PidFile /var/adm/clamav/clamd.pid
> TCPSocket 3310
> TCPAddr 127.0.0.1
> StreamSaveToDisk
> StreamMaxLength 30M
> MaxThreads 10
> MaxDirectoryRecursion 15
> User clamav
> AllowSupplementaryGroups
> ScanOLE2
> #ScanMail
> ScanArchive
> ArchiveMaxFileSize 30M
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1000
> ArchiveMaxCompressionRatio 200
> ArchiveDetectEncrypted
>
> clamd seems pretty stable, unless the
> ScanMail option is enabled. If I
> turn ScanMail on, clamd eventually
> goes wild and consumes huge amounts of
> CPU cycles indefinitely. My current fix
> is to restart clamd.
> Is ScanMail known to be unstable?
>
> I'm searching for similar experiences.
> Please share your thoughts.

I have gone back to devel-20040209 which does not have that problem.  
Something was changed shortly after that snapshot that causes the 
problem.  I have tried a number of versions since then and all lock up 
the cpu.  I am putting in a bit of time to try and find the specific 
change that causes it but haven't succeeded so far.





Re: [Clamav-users] Problems with clamd

2004-03-05 Thread Doug Hardie
On Mar 5, 2004, at 02:41, Trog wrote:

> On Fri, 2004-03-05 at 01:15, Doug Hardie wrote:
>
>> I just uncommented the thread timeout the last time I restarted clamd
>> a couple minutes ago so I don't know what effect that will have.
>
> ThreadTimeout isn't used in the current CVS version.
>
>> Here is some more information:  After running with the timeout set to
>> 500, clamd no longer dies.  It chugs along for quite awhile (about 10
>> minutes) at full cpu usage and then returns to normal use.  I don't
>> see anything different in the load between the periods.  However a
>> ktrace of clamd shows a significant difference.  Normally clamd shows
>> nothing much when idle and it shows the messages being received (read)
>> when processing a message.  However, when it's running at full cpu
>> utilization, ktrace shows thousands of sequences like:
>>
>>    8313 clamd    PSIG  SIGPROF caught handler=0x28116228 mask=0x0 code=0x0
>>    8313 clamd    CALL  gettimeofday(0x2815fe4c,0)
>>    8313 clamd    RET   gettimeofday 0
>>    8313 clamd    CALL  sigprocmask(0x3,0x2815fed8,0)
>>    8313 clamd    RET   sigprocmask 0
>>    8313 clamd    CALL  sigaltstack(0x2817c000,0)
>>    8313 clamd    RET   sigaltstack 0
>>    8313 clamd    CALL  poll(0x806f000,0x1,0)
>>    8313 clamd    RET   poll 0
>>    8313 clamd    CALL  sigreturn(0x808ac64)
>>    8313 clamd    RET   sigreturn JUSTRETURN
>>
>> and then there will be one message processed and then back to a few
>> more thousand of those sequences.
>
> This looks entirely broken. Your trace indicates that the last argument
> to poll (the timeout) is zero. The code looked like this
> count = poll(poll_data, 1, CL_DEFAULT_SCANTIMEOUT*1000);
>
> i.e. the timeout *can't* be zero unless you changed the value of
> CL_DEFAULT_SCANTIMEOUT or your system is fundamentally broken.
> unless your system is using poll to spin somewhere.
>
> -trog

That was my thought also.  I don't know why it's zero.  When clamd is 
only using about 2% of the cpu, the number is on the order of 5 to 10 
seconds.  However, something is very unusual here.  The line of code 
above is not in the version I am using.  I am using the snapshot from 
the morning of 4 Mar.





[Clamav-users] Problems with clamd

2004-03-04 Thread Doug Hardie
I am trying to use clamav to scan mail on a production mail server that 
has fairly high volume of mail and quite a large volume of viruses 
being received.  The only version of clamd I can run for any duration 
is clamav-devel-20040209.  That version runs for 4 to 5 days on my 
production mail server before dying.   Everything since then can't last 
over an hour.  I am trying clamav-devel-20040304 right now and it has 
managed to last an hour twice and 44 minutes once.  What happens is 
that clamd runs using less than 3% of the cpu until it nears the end.  
Then it takes over all the available cpu running idle to zero.  It 
continues to function this way for a couple minutes and then quits 
responding at all to clamav-milter.  Then it goes away quietly.  The 
only messages associated with it are notes from sendmail that it is 
unable to malloc more memory.  I have submitted debug logs etc. but 
heard nothing back.

One possibility is that this is a thread issue.  Perhaps the 
clamav.conf settings are not optimal for this volume.  However, I don't 
see any way to determine the thread usage.  If it used processes the 
standard unix tools would let me see what is going on.  I don't see 
anything similar for threads.  The appropriate entries are:

StreamSaveToDisk
StreamMaxLength 5M
MaxThreads 200
#ThreadTimeout 500

I just uncommented the thread timeout the last time I restarted clamd a 
couple minutes ago so I don't know what effect that will have.

Running on FreeBSD 4.6 with sendmail
clamd / ClamAV version devel-20040304, clamav-milter version 0.67j

I really don't want to have to go back to the old version as the volume 
of encrypted zip files is quite large.





Re: [Clamav-users] Problems with clamd

2004-03-04 Thread Doug Hardie
On Mar 4, 2004, at 15:02, Doug Hardie wrote:

> I am trying to use clamav to scan mail on a production mail server that
> has a fairly high volume of mail and quite a large volume of viruses
> being received.  The only version of clamd I can run for any duration
> is clamav-devel-20040209.  That version runs for 4 to 5 days on my
> production mail server before dying.   Everything since then can't
> last over an hour.  I am trying clamav-devel-20040304 right now and it
> has managed to last an hour twice and 44 minutes once.  What happens
> is that clamd runs using less than 3% of the cpu until it nears the
> end.  Then it takes over all the available cpu running idle to zero.
> It continues to function this way for a couple minutes and then quits
> responding at all to clamav-milter.  Then it goes away quietly.  The
> only messages associated with it are notes from sendmail that it is
> unable to malloc more memory.  I have submitted debug logs etc. but
> heard nothing back.
>
> One possibility is that this is a thread issue.  Perhaps the
> clamav.conf settings are not optimal for this volume.  However, I
> don't see any way to determine the thread usage.  If it used processes
> the standard unix tools would let me see what is going on.  I don't
> see anything similar for threads.  The appropriate entries are:
>
> StreamSaveToDisk
> StreamMaxLength 5M
> MaxThreads 200
> #ThreadTimeout 500
>
> I just uncommented the thread timeout the last time I restarted clamd
> a couple minutes ago so I don't know what effect that will have.
>
> Running on FreeBSD 4.6 with sendmail
> clamd / ClamAV version devel-20040304, clamav-milter version 0.67j
>
> I really don't want to have to go back to the old version as the
> volume of encrypted zip files is quite large.

Here is some more information:  After running with the timeout set to 
500, clamd no longer dies.  It chugs along for quite a while (about 10 
minutes) at full cpu usage and then returns to normal use.  I don't see 
anything different in the load between the periods.  However, a ktrace 
of clamd shows a significant difference.  Normally clamd shows nothing 
much when idle and it shows the messages being received (read) when 
processing a message.  However, when it's running at full cpu 
utilization, ktrace shows thousands of sequences like:

  8313 clamd    PSIG  SIGPROF caught handler=0x28116228 mask=0x0 code=0x0
  8313 clamd    CALL  gettimeofday(0x2815fe4c,0)
  8313 clamd    RET   gettimeofday 0
  8313 clamd    CALL  sigprocmask(0x3,0x2815fed8,0)
  8313 clamd    RET   sigprocmask 0
  8313 clamd    CALL  sigaltstack(0x2817c000,0)
  8313 clamd    RET   sigaltstack 0
  8313 clamd    CALL  poll(0x806f000,0x1,0)
  8313 clamd    RET   poll 0
  8313 clamd    CALL  sigreturn(0x808ac64)
  8313 clamd    RET   sigreturn JUSTRETURN

and then there will be one message processed and then back to a few 
more thousand of those sequences.





[Clamav-users] TCP Wrapper Support in clamav-milter

2004-02-21 Thread Doug Hardie
I am trying to get clamd / ClamAV version devel-20040221, clamav-milter 
version 0.67g working.  There have been some changes in TCP Wrapper 
support that leave me a bit confused.  smfi_getsymval is called to get 
{if_name}.  Where is that set?  The messages in syslog indicate that 
it's not set.  By adding unknown to 127.0.0.1 in the hosts file it 
works fine, but I don't believe that was the intended approach.  If 
nothing else it generates an error message about {if_name} for every 
message processed.





Re: [Clamav-users] Error Message

2004-02-16 Thread Doug Hardie
On Feb 16, 2004, at 00:34, Nigel Horne wrote:

> On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote:
>
>> Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL
>> What does the message mean and is
>> there a configuration parameter I need to alter to avoid it?
>
> This sounds like an error thrown by sendmail even though sendmail makes it
> look like it came from clamav. Check your sendmail.mc file is correct.
>
> What operating system is this?

FreeBSD 4.6

> What arguments are you using to call clamav-milter?

/usr/local/sbin/clamav-milter -f -q --quarantine-dir=/var/clamav

> Is clamd still running? (run ps -e | fgrep clamav, or ps -a | fgrep
> clamav according to your operating system).

Yes it continues to run, however, after a few of those messages it 
quits scanning new messages and I start getting timeout messages.

> -Nigel
>
> --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk



-- Doug





Re: [Clamav-users] Error Message

2004-02-16 Thread Doug Hardie
On Feb 16, 2004, at 01:52, Andy Fiddaman wrote:

> On Mon, 16 Feb 2004, Nigel Horne wrote:
>
> ; On Monday 16 Feb 2004 4:37 am, Doug Hardie wrote:
> ;
> ;  Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL
> ;   What does the message mean and is
> ;  there a configuration parameter I need to alter to avoid it?
> ;
> ; This sounds like an error thrown by sendmail even though sendmail makes it
> ; look like it came from clamav. Check your sendmail.mc file is correct.
>
> This is a message from libmilter which means that the milter returned from
> cb_eom or that the milter context session terminated in some other way but
> that the context private data was not NULL - so it's a problem in the
> milter somewhere - probably just a condition where clamfi_cleanup isn't
> called. The warning is just to let you know that there's a memory leak.

Thanks.  I found the message in libmilter.  I suspect this may be the 
reason that I periodically run out of memory.  Occasionally sendmail 
completely loses all ability to function and I get a large string of 
out of memory errors from it (malloc unable to allocate).  I have to 
restart sendmail, clamd, and clamav-milter to get things going again.

> (While I'm looking, there are also a few places where memory can leak in
> clamfi_envfrom. It mallocs the private data structure then can return
> without freeing it or assigning it to the session context, so it will
> never be cleaned up. It just needs a few free(privdata) calls before the
> 'return cl_error' lines.)
>
> Andy


-- Doug
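
The leak pattern Andy Fiddaman describes in the message quoted above, as an added C illustration that is not part of the original thread and is not clamav-milter or libmilter source. `struct ctx`, `pd_new`, `pd_free`, `envfrom_leaky`, `envfrom_fixed` and `session_cleanup` are hypothetical stand-ins for the session context, the private data allocation and the callbacks.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not libmilter's SMFICTX or API. */
struct ctx { void *priv; };
struct privdata { char from[256]; };
enum { CB_CONTINUE, CB_ERROR };

/* Demo bookkeeping only: count live blocks and remember the newest one. */
static int live_allocs;
static struct privdata *last_pd;

static struct privdata *pd_new(void)
{
    struct privdata *pd = calloc(1, sizeof *pd);
    if (pd != NULL) { live_allocs++; last_pd = pd; }
    return pd;
}

static void pd_free(struct privdata *pd)
{
    if (pd != NULL) { live_allocs--; free(pd); }
}

/* Leaky: error return after the allocation, before the context owns it. */
int envfrom_leaky(struct ctx *c, const char *from)
{
    struct privdata *pd = pd_new();
    if (pd == NULL) return CB_ERROR;
    if (from == NULL || strlen(from) >= sizeof pd->from)
        return CB_ERROR;              /* pd is lost here */
    strcpy(pd->from, from);
    c->priv = pd;                     /* ownership passes to the context */
    return CB_CONTINUE;
}

/* Fixed shape: free the block before every error return that follows it. */
int envfrom_fixed(struct ctx *c, const char *from)
{
    struct privdata *pd = pd_new();
    if (pd == NULL) return CB_ERROR;
    if (from == NULL || strlen(from) >= sizeof pd->from) {
        pd_free(pd);
        return CB_ERROR;
    }
    strcpy(pd->from, from);
    c->priv = pd;
    return CB_CONTINUE;
}

void session_cleanup(struct ctx *c)
{
    pd_free(c->priv);
    c->priv = NULL;   /* private data is NULL again at session end */
}
```

After a failed `envfrom_leaky` call, `live_allocs` stays at 1 while `c->priv` is still NULL, which is the block no cleanup can reach; the same call through `envfrom_fixed` leaves it at 0.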





[Clamav-users] Error Message

2004-02-15 Thread Doug Hardie
I am occasionally receiving a number of the following entries in 
/var/log/messages:

Feb 15 19:14:18 1.4 zoon clamav-milter: ClamAv: private data not NULL

Shortly after they start, some threads start returning an error to 
sendmail.  Some time after that all the threads are returning an error.  
I can't find this message in either clamav-milter or in clamd unless it 
is from one of the assert statements.  What does the message mean and is 
there a configuration parameter I need to alter to avoid it?

ClamAV version 'clamd / ClamAV version devel-20040209', clamav-milter 
version '0.66m'





[Clamav-users] ClamAV versions

2004-02-14 Thread Doug Hardie
I have been running with devel-20040209 for a week or so since 0.65 
didn't meet my needs.  The development version does.  However, 0.66 has 
now been released.  Is it based on 0.65 or the development branch?





[Clamav-users] Postmaster Notifications

2004-02-10 Thread Doug Hardie
I am running clamav-milter from clamav-devel-20040209 and trying to get 
it to not send mail to postmaster when it finds a virus.  With version 
0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked 
properly.  However, things have changed.  As best as I can tell the 
equivalent should be clamav-milter -f -q local:/var/run/virus.sock but 
that still sends mail to postmaster for each virus found.  What am I 
doing wrong?





[Clamav-users] Re: Postmaster Notifications

2004-02-10 Thread Doug Hardie
In article [EMAIL PROTECTED],
 Doug Hardie [EMAIL PROTECTED] wrote:

> I am running clamav-milter from clamav-devel-20040209 and trying to get
> it to not send mail to postmaster when it finds a virus.  With version
> 0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked
> properly.  However, things have changed.  As best as I can tell the
> equivalent should be clamav-milter -f -q local:/var/run/virus.sock but
> that still sends mail to postmaster for each virus found.  What am I
> doing wrong?

I have narrowed down the issue such that mail sent from the mail server 
host itself when it has a virus will send mail to postmaster with the 
above configuration.  However, mail from client machines does not.





Re: [Clamav-users] Postmaster Notifications

2004-02-10 Thread Doug Hardie
On Feb 10, 2004, at 05:47, Nigel Horne wrote:

>> I am running clamav-milter from clamav-devel-20040209 and trying to get
>> it to not send mail to postmaster when it finds a virus.  With version
>> 0.65 I used clamav-milter -ol local:/var/run/virus.sock and it worked
>> properly.
>
> What version are you running now (clamav-milter --version)?
>
> -Nigel

clamav-devel-20040209






[Clamav-users] Saved virus files

2004-02-10 Thread Doug Hardie
Running clamav-devel-20040209.  At first I found it left a lot of files 
remaining with no entries in the file structures.  However, previous 
messages here identified the issue and I switched to using 
quarantine-dir to give them a home.  However, at this time the number 
of viruses being blocked is quite large.  That directory is growing 
quite large with known viruses/worms for which it would be most 
unhelpful to report.  So, I have no use for those files.  Is there a 
configuration option to cause those to be deleted rather than saved?  
Since the files currently being collected to be scanned are there also, 
I can't just delete everything.  After they are a day old I can easily 
delete them but that will be a lot of files to hold on to.





Re: [Clamav-users] Postmaster Notifications

2004-02-10 Thread Doug Hardie
On Feb 10, 2004, at 02:20, Nigel Horne wrote:

> On Tuesday 10 Feb 2004 8:30 am, Doug Hardie wrote:
>> However, things have changed.  As best as I can tell the
>> equivalent should be clamav-milter -f -q local:/var/run/virus.sock but
>> that still sends mail to postmaster for each virus found.
>
> -q does stop messages being generated by the milter to postmaster et al.
> Please post a sample of the mails you are seeing.

I have found the cause of the notification to postmaster.  It's not 
clamav.  Ever since sendmail got split into 2 separate processes the 
maillog entries have been difficult to properly parse.  After much 
review of the logs, I find it is the user level sendmail that is 
generating the notification to postmaster.  Somehow I managed to get 
the entries confused yesterday.


