Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors
Hello Tom M, 1) I did sudo mv /var/lib/clamav/mirrors.dat /home/user sudo /etc/init.d/clamav-freshclam stop sudo freshclam ClamAV update process started at Fri Dec 15 19:45:53 2017 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net ERROR: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: Incremental update failed, trying to download daily.cvd Downloading daily.cvd [100%] WARNING: Mirror 193.92.150.194 is not synchronized. Giving up on database.clamav.net... Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons. 2) Then I did: sudo nano /etc/clamav/freshclam.conf # and in freshclam.conf changed "DatabaseMirror db.local.clamav.net" to "DatabaseMirror db.bg.clamav.net" (I am from Bulgaria) # It worked! I'll try to look it out in the Archives. But even if it was there, I wouldn't know due to lack of knowledge and experience. I guess "WARNING: Mirror 193.92.150.194 is not synchronized." means that freshclam cannot find my country database. Thanks again Tom M. You are the best! Merry Christmas and Happy New Year! Best regards, George 2017-12-15 16:20 GMT+02:00 Thomas McCourt (tmccourt) <tmcco...@cisco.com>: > Hello George, > > > 1) Did you delete mirror.dat, then re-run freshclam? > 2) Did you include in your freshclam.conf your countryside in the > DatabaseMirror section? Db.xy.clamav.net? Once doing that, run freshclam. > > > Thanks, > > > Tom M > > > > > On 12/15/17, 4:52 AM, "clamav-users on behalf of George" < > clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com> > wrote: > > >Hi Dennis, > > > >Thanks again for your answer. > >I just checked and clamav can read the main.cvd and the daily.cvd. It > >cannot write. I hope that's what you meant. > >Otherwise, when I tried a manual update. I did what follows but, as you > can > >see, to no avail: > > > >user@virus:~$ sudo /etc/init.d/clamav-freshclam stop > >[ ok ] Stopping clamav-freshclam (via systemctl): > clamav-freshclam.service. > >user@virus:~$ sudo freshclam > >ClamAV update process started at Fri Dec 15 11:46:39 2017 > >main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > >sigmgr) > >WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net > >WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net > >WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net > >WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net > >WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net > >WARNING: Incremental update failed, trying to download daily.cvd > >WARNING: Can't download daily.cvd from db.local.clamav.net > >Trying again in 5 secs... > >... > >ClamAV update process started at Fri Dec 15 11:47:07 2017 > >main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > >sigmgr) > >WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net > >WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net > >WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net > >WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net > >ERROR: getpatch: Can't download daily-24011.cdiff from > database.clamav.net > >WARNING: Incremental update failed, trying to download daily.cvd > >ERROR: Can't download daily.cvd from database.clamav.net > >Giving up on database.clamav.net... > >Update failed. Your network may be down or none of the mirrors listed in > >/etc/clamav/freshclam.conf is working. Check > >http://www.clamav.net/doc/mirrors-faq.html for possible reasons. > > > >I don't know what to do here. > > > >Best regards, > >George > > > >2017-12-14 18:53 GMT+02:00 Dennis Peterson <denni...@inetnw.com>: > > > >> Did you make sure permissions are set so that the clam user can read > them? > >> > >> > >> > >> On 12/14/17 8:49 AM, George wrote: > >> > >>> Hi, > >>> > >>> I mistakingly copied this twice in the email. But I did it as
Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors
My mistake, clamav has both rw permissions. Thanks! user@virus:~$ ls -la /var/lib/clamav total 215016 drwxr-xr-x 2 clamav clamav 4096 dec 15 18:25 . drwxr-xr-x 82 root root4096 sep 2 16:09 .. -rw-r--r-- 1 clamav clamav766976 nov 3 20:34 bytecode.cld -rw-r--r-- 1 clamav clamav 42567087 dec 6 19:53 daily.cvd -rw-r--r-- 1 clamav clamav 117892267 dec 6 18:56 main.cvd -rw--- 1 clamav clamav 104 dec 15 18:25 mirrors.dat -rw-r--r-- 1 clamav clamav 58927418 nov 3 20:34 safebrowsing.cvd 2017-12-15 16:27 GMT+02:00 Micah Snyder (micasnyd) <micas...@cisco.com>: > Hang on, did you just say that clamav doesn’t have write permissions to > the databases? That /would/ explain why freshclam can’t save the new > database files. > > > Micah Snyder > Software Engineer > Talos > Cisco Systems, Inc. > > > > On Dec 15, 2017, at 4:52 AM, George <gdparlic...@gmail.com gdparlic...@gmail.com>> wrote: > > Hi Dennis, > > Thanks again for your answer. > I just checked and clamav can read the main.cvd and the daily.cvd. It > cannot write. I hope that's what you meant. > Otherwise, when I tried a manual update. I did what follows but, as you can > see, to no avail: > > user@virus:~$ sudo /etc/init.d/clamav-freshclam stop > [ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service. > user@virus:~$ sudo freshclam > ClamAV update process started at Fri Dec 15 11:46:39 2017 > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net<http://db.local.clamav.net> > WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net<http://db.local.clamav.net> > WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net<http://db.local.clamav.net> > WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net<http://db.local.clamav.net> > WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net<http://db.local.clamav.net> > WARNING: Incremental update failed, trying to download daily.cvd > WARNING: Can't download daily.cvd from db.local.clamav.net<http://db. > local.clamav.net> > Trying again in 5 secs... > ... > ClamAV update process started at Fri Dec 15 11:47:07 2017 > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net<http://database.clamav.net> > WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net<http://database.clamav.net> > WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net<http://database.clamav.net> > WARNING: getpatch: Can't download daily-24011.cdiff from > database.clamav.net<http://database.clamav.net> > ERROR: getpatch: Can't download daily-24011.cdiff from database.clamav.net > <http://database.clamav.net> > WARNING: Incremental update failed, trying to download daily.cvd > ERROR: Can't download daily.cvd from database.clamav.net<http:// > database.clamav.net> > Giving up on database.clamav.net<http://database.clamav.net>... > Update failed. Your network may be down or none of the mirrors listed in > /etc/clamav/freshclam.conf is working. Check > http://www.clamav.net/doc/mirrors-faq.html for possible reasons. > > I don't know what to do here. > > Best regards, > George > > 2017-12-14 18:53 GMT+02:00 Dennis Peterson <denni...@inetnw.com<mailto:de > nni...@inetnw.com>>: > > Did you make sure permissions are set so that the clam user can read them? > > > > On 12/14/17 8:49 AM, George wrote: > > Hi, > > I mistakingly copied this twice in the email. But I did it as in your > reply. that's not the problem. > > Thanks, > George > > 2017-12-14 18:39 GMT+02:00 Dennis Peterson <denni...@inetnw.com<mailto:de > nni...@inetnw.com>>: > > you are downloading main.cvd twice. Change one of the wget commands to > download daily.cvd. > > Example: > > wget database.clamav.net/main.cvd<http://database.clamav.net/main.cvd> > sudo cp main.cvd /var/lib/clamav > wget database.clamav.net/daily.cvd<http://database.clamav.net/daily.cvd> > sudo cp daily.cvd /var/lib/clamav > > > dp > > On 12/14/17 8:28 AM, George wrote: > > Dear All, > > I am still getting the message that my database is more than 7 days > old. I > successfully downloaded and updated main.cvd and daily.cvd manually, as > follows: > > wget database.clamav.net/main.cvd<http://database.clamav.net/main.cvd> > sudo cp main.cvd
Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors
Hi Dennis, Thanks again for your answer. I just checked and clamav can read the main.cvd and the daily.cvd. It cannot write. I hope that's what you meant. Otherwise, when I tried a manual update. I did what follows but, as you can see, to no avail: user@virus:~$ sudo /etc/init.d/clamav-freshclam stop [ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service. user@virus:~$ sudo freshclam ClamAV update process started at Fri Dec 15 11:46:39 2017 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: Incremental update failed, trying to download daily.cvd WARNING: Can't download daily.cvd from db.local.clamav.net Trying again in 5 secs... ... ClamAV update process started at Fri Dec 15 11:47:07 2017 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net ERROR: getpatch: Can't download daily-24011.cdiff from database.clamav.net WARNING: Incremental update failed, trying to download daily.cvd ERROR: Can't download daily.cvd from database.clamav.net Giving up on database.clamav.net... Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons. I don't know what to do here. Best regards, George 2017-12-14 18:53 GMT+02:00 Dennis Peterson <denni...@inetnw.com>: > Did you make sure permissions are set so that the clam user can read them? > > > > On 12/14/17 8:49 AM, George wrote: > >> Hi, >> >> I mistakingly copied this twice in the email. But I did it as in your >> reply. that's not the problem. >> >> Thanks, >> George >> >> 2017-12-14 18:39 GMT+02:00 Dennis Peterson <denni...@inetnw.com>: >> >> you are downloading main.cvd twice. Change one of the wget commands to >>> download daily.cvd. >>> >>> Example: >>> >>> wget database.clamav.net/main.cvd >>> sudo cp main.cvd /var/lib/clamav >>> wget database.clamav.net/daily.cvd >>> sudo cp daily.cvd /var/lib/clamav >>> >>> >>> dp >>> >>> On 12/14/17 8:28 AM, George wrote: >>> >>> Dear All, >>>> >>>> I am still getting the message that my database is more than 7 days >>>> old. I >>>> successfully downloaded and updated main.cvd and daily.cvd manually, as >>>> follows: >>>> >>>> wget database.clamav.net/main.cvd >>>> sudo cp main.cvd /var/lib/clamav >>>> wget database.clamav.net/main.cvd >>>> sudo cp daily.cvd /var/lib/clamav >>>> >>>> >>>> ___ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >>> >>> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors
Hi, I mistakingly copied this twice in the email. But I did it as in your reply. that's not the problem. Thanks, George 2017-12-14 18:39 GMT+02:00 Dennis Peterson <denni...@inetnw.com>: > you are downloading main.cvd twice. Change one of the wget commands to > download daily.cvd. > > Example: > > wget database.clamav.net/main.cvd > sudo cp main.cvd /var/lib/clamav > wget database.clamav.net/daily.cvd > sudo cp daily.cvd /var/lib/clamav > > > dp > > On 12/14/17 8:28 AM, George wrote: > >> Dear All, >> >> I am still getting the message that my database is more than 7 days old. I >> successfully downloaded and updated main.cvd and daily.cvd manually, as >> follows: >> >> wget database.clamav.net/main.cvd >> sudo cp main.cvd /var/lib/clamav >> wget database.clamav.net/main.cvd >> sudo cp daily.cvd /var/lib/clamav >> >> > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors
Dear All, I am still getting the message that my database is more than 7 days old. I successfully downloaded and updated main.cvd and daily.cvd manually, as follows: wget database.clamav.net/main.cvd sudo cp main.cvd /var/lib/clamav wget database.clamav.net/main.cvd sudo cp daily.cvd /var/lib/clamav However, I don't know if it's correct, but I couldn't find step-by-step explanations anywhere. Additional information: ## Here is my freshclam.log output (given between quotes << >> and deleting unnecessary repetitions): << ClamAV update process started at Sun Dec 10 10:23:01 2017 WARNING: Can't query current.cvd.clamav.net WARNING: Invalid DNS reply. Falling back to HTTP mode. Reading CVD header (main.cvd): Sun Dec 10 10:23:01 2017 -> WARNING: Can't get information about db.local.clamav.net: Temporary failure in name resolution WARNING: Can't read main.cvd header from db.local.clamav.net (IP: ) Trying again in 5 secs... ... Received signal: wake up ClamAV update process started at Sun Dec 10 13:24:22 2017 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: Incremental update failed, trying to download daily.cvd WARNING: Can't download daily.cvd from db.local.clamav.net Trying again in 5 secs... >> # 2 Here is smy freshclam.conf output (because someone suggested to replace XY with my country code BG (for Bulgaria) in the database mirror section. I don't know why and where). The freshclam.confis given between the quotes << >> : << # Automatically created by the clamav-freshclam postinst # Comments will get lost when you reconfigure the clamav-freshclam package DatabaseOwner clamav UpdateLogFile /var/log/clamav/freshclam.log LogVerbose false LogSyslog false LogFacility LOG_LOCAL6 LogFileMaxSize 0 LogRotate true LogTime true Foreground false Debug false MaxAttempts 5 DatabaseDirectory /var/lib/clamav DNSDatabaseInfo current.cvd.clamav.net AllowSupplementaryGroups false PidFile /var/run/clamav/freshclam.pid ConnectTimeout 30 ReceiveTimeout 30 TestDatabases yes ScriptedUpdates yes CompressLocalDatabase no Bytecode true # Check for new database 24 times a day Checks 24 DatabaseMirror db.local.clamav.net DatabaseMirror database.clamav.net SafeBrowsing Yes >> Again, couldn't someone who understands this write a step-by-step article with explanations on how to download databases and update mirrors manually? Best regards, George ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND mirrors
Hi Tom, Please find the freshclam.log output between quotes << >> (I deleted repetitions): << ClamAV update process started at Sun Dec 10 10:23:01 2017 WARNING: Can't query current.cvd.clamav.net WARNING: Invalid DNS reply. Falling back to HTTP mode. Reading CVD header (main.cvd): Sun Dec 10 10:23:01 2017 -> WARNING: Can't get information about db.local.clamav.net: Temporary failure in name resolution WARNING: Can't read main.cvd header from db.local.clamav.net (IP: ) Trying again in 5 secs... ... Received signal: wake up ClamAV update process started at Sun Dec 10 13:24:22 2017 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: Incremental update failed, trying to download daily.cvd WARNING: Can't download daily.cvd from db.local.clamav.net Trying again in 5 secs... >> I do not see where to replace XY with my country code in the database mirror section. Where is this? Which settings in the freshclam.conf file do you mean? Find below my freshclm.conf contents: << # Automatically created by the clamav-freshclam postinst # Comments will get lost when you reconfigure the clamav-freshclam package DatabaseOwner clamav UpdateLogFile /var/log/clamav/freshclam.log LogVerbose false LogSyslog false LogFacility LOG_LOCAL6 LogFileMaxSize 0 LogRotate true LogTime true Foreground false Debug false MaxAttempts 5 DatabaseDirectory /var/lib/clamav DNSDatabaseInfo current.cvd.clamav.net AllowSupplementaryGroups false PidFile /var/run/clamav/freshclam.pid ConnectTimeout 30 ReceiveTimeout 30 TestDatabases yes ScriptedUpdates yes CompressLocalDatabase no Bytecode true # Check for new database 24 times a day Checks 24 DatabaseMirror db.local.clamav.net DatabaseMirror database.clamav.net SafeBrowsing Yes >> Best regards, George 2017-12-13 21:17 GMT+02:00 Thomas McCourt (tmccourt) <tmcco...@cisco.com>: > Hey George, > > What does your freshclam.log file say? Any errors generating when you > download via freshclam? > Replace XY with your country code in the below database mirror section. > You could look at the freshclam.conf file and make sure you have the below > settings: > > # Uncomment the following line and replace XY with your country > # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. > # You can use db.XY.ipv6.clamav.net for IPv6 connections. > DatabaseMirror db.XY.clamav.net > > # database.clamav.net is a round-robin record which points to our most > # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is > # not working. DO NOT TOUCH the following line unless you know what you > # are doing. > DatabaseMirror database.clamav.net > > > > > IF you have having issues with the mirrors themselves, delete your > mirror.dat file, and run a freshclam again to see if that helps. > > > Thanks, > > > Tom M > > > > On 12/13/17, 2:07 PM, "clamav-users on behalf of George" < > clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com> > wrote: > > >Dear All, > > > >I need help to download and update main.cvd and daily.cvd manually AND > >mirrors. I tried: > > > >wget database.clamav.net/main.cvd > >sudo cp main.cvd /var/lib/clamav > >wget database.clamav.net/main.cvd > >sudo cp daily.cvd /var/lib/clamav > > > >It didn't work. I am still getting the message that my database is more > >than 7 days old. I know that this might be wrong, but why did no one > >addressed the issue? I've seen a lot of requests lately. > >I have also been suggested to look for another mirrors. But how and where > >to look for them. Coouldn't someone who understands this write an article? > > > >Best regards, > >George > >___ > >clamav-users mailing list > >clamav-users@lists.clamav.net > >http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > >Help us build a comprehensive ClamAV guide: > >https://github.com/vrtadmin/clamav-faq > > > >http://www.clamav.net/contact.html#ml > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] How to download and update main.cvd and daily.cvd manually AND mirrors
Dear All, I need help to download and update main.cvd and daily.cvd manually AND mirrors. I tried: wget database.clamav.net/main.cvd sudo cp main.cvd /var/lib/clamav wget database.clamav.net/main.cvd sudo cp daily.cvd /var/lib/clamav It didn't work. I am still getting the message that my database is more than 7 days old. I know that this might be wrong, but why did no one addressed the issue? I've seen a lot of requests lately. I have also been suggested to look for another mirrors. But how and where to look for them. Coouldn't someone who understands this write an article? Best regards, George ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] (no subject)
Thanks, but this doesn't update the daily.cvd. Should I wait for you to fix the mirros or can I do something myself? Sorry for bothering you, but if there was some guide on what to do in such cases, I would use it myself. Best regards, George 2017-12-06 18:32 GMT+02:00 Thomas McCourt (tmccourt) <tmcco...@cisco.com>: > Hello, > > Yeah, run the wget command > > Wget database.clamav.net/main.cvd > That should download it > > > Thanks, > > > Tom > > > > > > On 12/6/17, 11:18 AM, "clamav-users on behalf of George" < > clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com> > wrote: > > >wget > >database.clamav.net/main.cvd' > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] (no subject)
Hi Tom, Thanks for this timely reply. Could you provide a solution or link to update the database by myself? Best regards, George 2017-12-06 16:57 GMT+02:00 Thomas McCourt (tmccourt) <tmcco...@cisco.com>: > Hello George, > > I will look into those mirrors to see if they are down. IF a mirror is not > working, it should look to find another one. You could also try 'wget > database.clamav.net/main.cvd' > To see if it manually downloads it that way, then drop the file in the > location > > > We have been working hard to correct a lot of mirror issues, but as you > can see- we still have a long way to go to make mirrors work better. > It is my hope that I can get the mirrors more stable for everyone moving > forward. > > > Thank you, > > > Tom M > > > > > On 12/6/17, 7:14 AM, "clamav-users on behalf of George" < > clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com> > wrote: > > >Dear All, > > > >How do I update my ClamAV database? I can provide the following details > >regarding my problem: > >1. I run ClamAV 0.99.2/24010; > >2. After starting clamscan, I get "The virus database is older than 7 > days! > >Please update it as soon as possible." > >3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to > >manually update the ClamAV database, however; > >4. The following error keeps repeating: > > > >Retrieving http://db.local.clamav.net/daily-24011.cdiff > >Ignoring mirror 193.92.150.194 (due to previous errors) > >Ignoring mirror 193.92.150.194 (due to previous errors) > >WARNING: getpatch: Can't download daily-24011.cdiff from > db.local.clamav.net > >... > >Giving up on database.clamav.net... > > > >5. So I restarted the ClamAV daemon: > >user@virus:~$ sudo /etc/init.d/clamav-freshclam start > >[ ok ] Starting clamav-freshclam (via systemctl): > clamav-freshclam.service. > > > >After reading the documentation (https://www.clamav.net/documents/) and > the > >Archives and finding no solution, I decided to ask the community. > >Please find attached the full Clamscan error log and my trial to update > the > >database manually. Please find the log output below (between #START and > >#END). Thanks in advance. > > > >Best regards, > >George > > > >I deleted the rest of the message ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] (no subject)
Dear All, How do I update my ClamAV database? I can provide the following details regarding my problem: 1. I run ClamAV 0.99.2/24010; 2. After starting clamscan, I get "The virus database is older than 7 days! Please update it as soon as possible." 3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to manually update the ClamAV database, however; 4. The following error keeps repeating: Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net ... Giving up on database.clamav.net... 5. So I restarted the ClamAV daemon: user@virus:~$ sudo /etc/init.d/clamav-freshclam start [ ok ] Starting clamav-freshclam (via systemctl): clamav-freshclam.service. After reading the documentation (https://www.clamav.net/documents/) and the Archives and finding no solution, I decided to ask the community. Please find attached the full Clamscan error log and my trial to update the database manually. Please find the log output below (between #START and #END). Thanks in advance. Best regards, George #START user@virus:~$ freshclam ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!). ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). user@virus:~$ man clamscan user@virus:~$ clamscan -r --max-filesize=5 -i --remove /home/user LibClamAV Warning: ** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible.*** LibClamAV Warning: ** --- SCAN SUMMARY --- Known viruses: 9515915 Engine version: 0.99.2 Scanned directories: 9277 Scanned files: 73380 Infected files: 0 Total errors: 2 Data scanned: 0.00 MB Data read: 44128.53 MB (ratio 0.00:1) Time: 324.804 sec (5 m 24 s) user@virus:~$ sudo /etc/init.d/clamav-freshclam stop [sudo] password for user: [ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service. user@virus:~$ freshclam ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!). ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). user@virus:~$ sudo freshclam -v Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Tue Nov 21 11:07:07 2017 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1748 Software version from DNS: 0.99.2 main.cvd version from DNS: 58 main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd version from DNS: 24059 Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net WARNING: Incremental update failed, trying to download daily.cvd Whitelisting short-term blacklisted mirrors Retrieving http://db.local.clamav.net/daily.cvd Ignoring mirror 193.92.150.194 (due to previous errors) Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: Can't download daily.cvd from db.local.clamav.net Trying again in 5 secs... ClamAV update process started at Tue Nov 21 11:07:18 2017 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1736 Software version from DNS: 0.99.2 main.cvd version from DNS: 58 main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd version from DNS: 24059 Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net Retrieving http://db.local.clamav.net/daily-24011.cdiff Ignoring mirror 193.92.150.194 (due to previous errors) WARNING: getpatch: Can't download daily-24011.cdiff from db.l
Re: [clamav-users] daily.cvd update issue.
On 7/19/2011 4:02 PM, Dennis Peterson wrote: In my opinion, if twitter is a requirement for using ClamAV then this project is doomed. I don't see our 'business' endorsing our NOC playing with twitter as part of the job. There is ZERO chance of that getting allowed here. If this becomes a true requirement to use clamav then we need to start looking for a replacement for the 200+ Linux instances that are running. They are less then happy to see a GPL/Free product out there now, become less happy when it went to rsync to MANY foreign (Non-US) sites (used in a more or less random style for the updates), this would just about put the nail in the coffin for it here. Please say that this is NOT happening, I really don't want to re-engineer a solution because someone decides they like a social media tool for support. It was hard enough getting the email lists allowed after 3 years on my internal mail vs. home email. ___ George R. Kasica | Systems Analyst – Technical Services | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work) 1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * george_kas...@mgic.com or kasica_pa...@mgic.com P Please consider the environment before printing this email. This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Upcoming release of ClamAV
Tomasz: As requested - RHEL4 == ./configure make check configure: Summary of detected features follows OS : linux-gnu pthreads: yes (-lpthread) configure: Summary of miscellaneous features check : no (auto) clamuko : yes fdpassing : 1 IPv6: yes configure: Summary of optional tools clamdtop: -lncurses (auto) milter : yes (disabled) configure: Summary of engine performance features) release mode: yes jit : no (auto) mempool : yes configure: Summary of engine detection features autoit_ea06 : yes bzip2 : ok zlib: /usr/local unrar : yes SKIP: check_clamav PASS: check_freshclam.sh PASS: check_sigtool.sh SKIP: check_unit_vg.sh FAIL: check1_clamscan.sh FAIL: check2_clamd.sh PASS: check3_clamd.sh FAIL: check4_clamd.sh SKIP: check5_clamd_vg.sh SKIP: check6_clamd_vg.sh SKIP: check7_clamd_hg.sh SKIP: check8_clamd_hg.sh SKIP: check9_clamscan_vg.sh RHEL5 === ./configure make check configure: Summary of detected features follows OS : linux-gnu pthreads: yes (-lpthread) configure: Summary of miscellaneous features check : no (auto) clamuko : yes fdpassing : 1 IPv6: yes configure: Summary of optional tools clamdtop: (auto) milter : yes (disabled) configure: Summary of engine performance features) release mode: yes jit : yes (auto) mempool : yes configure: Summary of engine detection features autoit_ea06 : yes bzip2 : ok zlib: /usr/local unrar : yes SKIP: check_clamav PASS: check_freshclam.sh PASS: check_sigtool.sh SKIP: check_unit_vg.sh FAIL: check1_clamscan.sh FAIL: check2_clamd.sh PASS: check3_clamd.sh FAIL: check4_clamd.sh SKIP: check5_clamd_vg.sh SKIP: check6_clamd_vg.sh SKIP: check7_clamd_hg.sh SKIP: check8_clamd_hg.sh SKIP: check9_clamscan_vg.sh ___ George R. Kasica | Systems Analyst – Technical Services | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work) 1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * george_kas...@mgic.com or kasica_pa...@mgic.com P Please consider the environment before printing this email. This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. From: Tomasz Kojm tk...@clamav.net To: ClamAV users ML clamav-users@lists.clamav.net, ClamAV Development clamav-de...@lists.clamav.net Date: 10/19/2010 09:23 Subject: [Clamav-users] Upcoming release of ClamAV Sent by: clamav-users-boun...@lists.clamav.net Dear Users, we're going to release a new version of ClamAV on Monday, October 25. ClamAV 0.96.4 will fix some issues with the PDF parser, logical signatures and other problems reported for 0.96.3: https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXEDquery_format=advancedbug_status=RESOLVEDproduct=ClamAVtarget_milestone=0.96.4 You can help by testing (or just running ./configure make check) the latest code available in our Git repository - the latest snapshot tarball can be grabbed here: http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz Thanks in advance, -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 16:21:33 CEST 2010 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] What ever happened to the Release Candidate for 0.96.3??
All I can ask after messing with 50+ boxes here to get 0.96.3 running is hat ever happened to the RELEASE CANDIDATE for 0.96.3it would have sure helped to see that announcement and get a trial run at it. This is NOT the first time we've had bumpy releases in the last year and we're donating cycles on 4 machines here to run the nightly build cycles for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic Caldera Linus based boxwith this many issues on RHEL4/RHEL5 and Fedora core 13 on our end why are we bothering to do thisit seems like we're running tests, submitting results and no-one is even looking at the output. Just my 2 cents from out here ___ George R. Kasica | Systems Analyst – Technical Services | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work) 1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * george_kas...@mgic.com or kasica_pa...@mgic.com P Please consider the environment before printing this email. This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. From: Nathan Gibbs nat...@cmpublishers.com To: ClamAV users ML clamav-users@lists.clamav.net Date: 09/22/2010 09:03 Subject: Re: [Clamav-users] VirusAction Question Sent by: clamav-users-boun...@lists.clamav.net * Dennis Peterson wrote: On 9/21/10 9:55 PM, Nathan Gibbs wrote: Now will the REAL C CODERS PLEASE STAND UP! Do it right and show me how its done. Better yet, just do it right the first time, and I won't say a thing. Got your ECR submitted? Has change board seen it, approved it, and slotted it in the priorities chart? Is it at the top of the chart? Got your design documents done, identified your metrics for success? Got your functional tests designed and approved? Very good points, all of them, which is why I have said and continue to say that I don't know what I'm doing. You've coded it so we assume the above is completed. What are the chances you've done regression testing in all supported environments using all supported compilers? As stated, I don't know what I'm doing. Subjected your code for peer review? Done last night. http://www.cmpublishers.com/oss/clamfi.c Has QA signed off on it? That would be amazing, but I highly doubt that the Quality of my butcher work would stand. Is your confidence level sufficiently high that you are willing to put your code out for the public's consumption As stated, Already did. and you are ready to support it if it breaks stuff? 0.94.x thats all I'm going to say there. I understand the why, but will never agree with how it was done. If sourcefire can blow up ClamAV installations all over the world, why should I worry about my code doing the same thing? Breakage is a long way off, due to the skill required to get my code into your clamav source. Some people could do it, but not everybody. If coding were easy anyone could do it, and you've shown it is and anyone can for very simple projects. That's just the beginning. Precisely my point. Should I be doing these mods? NO, Absolutely not! Are they that difficult to implement? Apparently not. They should be implemented by someone with far more experience than myself. Last night when I decided to just for fun see if I could get the milter to do what I wanted. I thought it would end with me erasing my mangled and nonworking source and unpacking a fresh source from the tarball. I thought I would fail miserably. Imagine my surprise when it worked, especially when you consider that I don't understand half of that code. Now imagine my thoughts about a development team backed by a company that won't implement this. Those guys could do this better than me any day of the week. They could code circles around me, but so far they won't. what does that tell you? -- Sincerely, Nathan Gibbs Systems Administrator Christ Media http://www.cmpublishers.com [attachment signature.asc deleted by George Kasica/MGIC] ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??
Tomaz: Typical issues as in the past...first no clue it was coming out(no release candidate no announcement)...it just appeared, no idea it would have issues with bzip2, and STILL no fix to bzip2 RPMs for the Fedora Core 13 platform (we had to compile from a tar.gz for the others) except RHEL4/5 that have RPMs out (AFTER 0.96.3 released), the ULIMIT issue that I still don't fully grasp here and am still not clear if its something we need to deal withthings seem to run so for now we haven't gone in and touched it(again, this wasn't an issue in 0.96.2 why is it an issue in 0.96.3 which appears to be a minor release 0.0.1) In our environment we have certain time-frames where we need to apply code once its released depending on what and why it was put out so we don't always have the luxury to let it sit for days...getting code that is not labeled as RC and is supposedly prod quality and ready to go and having these issues is not good...we've spend a good portion of the week on this so far and seem to be finally OK, but it could have been much smoother (again)brings me back to the point of why are we running these 4 test harness boxes for Torok if no-one is looking at what is coming back from them. George ___ George R. Kasica | Systems Analyst – Technical Services | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work) 1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * george_kas...@mgic.com or kasica_pa...@mgic.com P Please consider the environment before printing this email. This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. From: Tomasz Kojm tk...@clamav.net To: ClamAV users ML clamav-users@lists.clamav.net Date: 09/22/2010 09:57 Subject: Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3?? Sent by: clamav-users-boun...@lists.clamav.net On Wed, 22 Sep 2010 09:56:18 -0500 George Kasica george_kas...@mgic.com wrote: All I can ask after messing with 50+ boxes here to get 0.96.3 running is hat ever happened to the RELEASE CANDIDATE for 0.96.3it would have sure helped to see that announcement and get a trial run at it. This is NOT the first time we've had bumpy releases in the last year and we're donating cycles on 4 machines here to run the nightly build cycles for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic Caldera Linus based boxwith this many issues on RHEL4/RHEL5 and Fedora core 13 on our end why are we bothering to do thisit seems like we're running tests, submitting results and no-one is even looking at the output. Just my 2 cents from out here Could you elaborate more on the problems you were facing with 0.96.3? -- oo. Tomasz Kojm tk...@clamav.net (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Sep 22 16:57:02 CEST 2010 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??
Edwin: Then you need to look at the tests, something isn't making it...the stuff build but there were errors/warnings at the end of configure about bzip2 and Don't rely on this build, etc. Also ULIMIT complaints. If you're just looking at little green lights on a web page we have a serious problem ___ George R. Kasica | Systems Analyst – Technical Services | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work) 1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * george_kas...@mgic.com or kasica_pa...@mgic.com P Please consider the environment before printing this email. This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. From: Török Edwin edwinto...@gmail.com To: ClamAV users ML clamav-users@lists.clamav.net Cc: george_kas...@mgic.com Date: 09/22/2010 10:13 Subject: Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3?? Sent by: clamav-users-boun...@lists.clamav.net On Wed, 22 Sep 2010 09:56:18 -0500 George Kasica george_kas...@mgic.com wrote: All I can ask after messing with 50+ boxes here to get 0.96.3 running is hat ever happened to the RELEASE CANDIDATE for 0.96.3it would have sure helped to see that announcement and get a trial run at it. This is NOT the first time we've had bumpy releases in the last year and we're donating cycles on 4 machines here to run the nightly build cycles for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic Caldera Linus based boxwith this many issues on RHEL4/RHEL5 and Fedora core 13 on our end why are we bothering to do thisit seems like we're running tests, submitting results and no-one is even looking at the output. What kind of issues did you encounter? If it is something that can be automatically detected, we should add it to our testsuite. All the farm reports I see from author == georgek for september are green. We'll probably have to add more tests to detect the issues you encountered. Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??
Edwin: I've been around the 'net quite some time (1983), please excuse me if I'm expecting too much. I think releasing the clamav item before there were bzip2 libraries out there to compile against for major distros (Fedora Core 13, RHEL4 and RHEL5 are not small install bases) and many if not most run the RPM builds (not tar.gz compiles) in a business setting for control in a large environment was probably not a great idea - though I understand you can't control the distro vendors I do know you can work with them on security issues, its done by other vendors all the time and they can get RPMs out quickly in cases like this. For example the bzip2 RPMs for Red Hat came out about 430pm (you released 0.96.3 at 17:09 CEST about 11am Chicago time USA) leaving alot of folks wondering what to do about bzip2 RPMs on the day you released clamav...if you had waited even 6 hours or so or contacted Red Hat alot of pain would have been avoided(similar story for other vendors I'm sure they all have security areas and contacts and most are pretty eager to assist). And as far as upgrade notes on the web site there's nothing out there at all about upgrading/updating bzip2 components...I just looked it says under 0.96.3 Upgrade Notes Known Issues and Workarounds - None yet. Guys, I'm not trying to pick a fight here, but this isn't the first time a release of clamav has gone a little sideways in the last 12 months or soand I realize that there is a free vs. commercial product provided by Sourcefire. We would be happy to go with the latter but its not available for the platform we're on and we were told if you are willing to help out by running a test build platform on the OS you need it to run on things will go smoother after the last set of issues that occurred, so we have been. Yet, here we are again with the last 2 releases having issues either with JIT copiler/llvm or now this type of thing(bzip libraries, etc). I'll admit our info security folks are picky but we have to live with that here. We're not running a home based server here, this is a production environment that serves near to over 1 million emails a day and clamav is running in the core of that process as well as on near 50 other linux hosts to scan for virus issues on a routine basis as well. What can we on a sytem admin end do to help this process in the future because frankly I'm at a loss, I'm not (and have no desire to be) a programmer hacking code. In any case its a past event and something to keep in mind next time probably. Thanks for the fish, George ___ George R. Kasica | Systems Analyst – Technical Services | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work) 1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * george_kas...@mgic.com or kasica_pa...@mgic.com P Please consider the environment before printing this email. This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. From: Török Edwin edwinto...@gmail.com To: ClamAV users ML clamav-users@lists.clamav.net Cc: george_kas...@mgic.com Date: 09/22/2010 11:23 Subject: Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3?? Sent by: clamav-users-boun...@lists.clamav.net On Wed, 22 Sep 2010 10:14:57 -0500 George Kasica george_kas...@mgic.com wrote: Tomaz: Typical issues as in the past...first no clue it was coming out(no release candidate no announcement)...it just appeared, no idea it would have issues with bzip2 There is a problem with security updates and release candidates (or announcements): - we can release only after the vulnerability is disclosed (in case of 3rdparty libraries) - we were watching upstream bzip2 to release, and released soon after that, we didn't have a reliable release date in advance - we could have told you that we are preparing a new version to fix the bzip2 vulnerability, but we couldn't release an RC with the bzip2 fix included (since that would've disclosed the vulnerability prior to upstream having a fix) - even if we were able to provide an RC, it would have told you that your bzip2 is buggy and you need to upgrade. That would have caused even more confusion, since there was no new upstream bzip2 version with the fix. Considering all this, do you think it would be useful to provide advance warning about a new security fix release in the future? Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build
Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems
On Wed, 18 Aug 2010 10:48:35 +0300, you wrote: On Tue, 17 Aug 2010 23:46:22 -0500 George R. Kasica geor...@netwrx1.com wrote: Not sure of the cause both are configured and built the same ./configure make make install for clam 0.96.2 Here is what the frozen machine will show - three hung scans for one of the sane security databases - this was NOT a problem with 0.96.1. If left to sit it will sit forever. Can you run it with --debug to see where it hangs? Then open a bugreport please (and attach junk.ndb). Not really sure how to do this as I didn't write the script thats running the update.and have no idea where or how I'd modify that codewould I just run that from a command line or what?? George ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems
:* Submodule RIFF: On LibClamAV debug:* Submodule JPEG: On LibClamAV debug:* SubmoduleCRYPTFF: On LibClamAV debug:* SubmoduleDLP: On LibClamAV debug:* Submodule MYDOOMLOG: On LibClamAV debug:* Submodule PREFILTERING: On LibClamAV debug: Module PHISHING On LibClamAV debug:* Submodule ENGINE: On LibClamAV debug:* SubmoduleENTCONV: On LibClamAV debug: Module BYTECODE On LibClamAV debug:* Submodule INTERPRETER:On LibClamAV debug:* SubmoduleJIT X86: On LibClamAV debug:* SubmoduleJIT PPC: On LibClamAV debug:* SubmoduleJIT ARM: ** Off ** LibClamAV debug: environment detected: LibClamAV debug: check_platform(0x0a113636, 0x0400, 0x00040202) LibClamAV debug: check_platform(0x0a 1 1 36 36,0x0 4 00 00 00,0x0004 02 02) LibClamAV debug: check_platform( OS CPU COM FL DCONF,BE PTR CXX VV.VV.VV, FLG CC VV.VV.VV) LibClamAV debug: Engine version: 0.96.2 LibClamAV debug: Host triple: LibClamAV debug: Host CPU: LibClamAV debug: OS: Linux LibClamAV debug: OS release: 2.6.23.12 LibClamAV debug: OS version: #1 SMP PREEMPT Sat Aug 29 07:29:36 CDT 2009 LibClamAV debug: OS hardware: i686 LibClamAV debug: OS LLVM category: 0 LibClamAV debug: Has JIT compiled: 0 LibClamAV debug: -- LibClamAV debug: Bytecode: mode is 0 LibClamAV debug: Loading trusted bytecode LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 74 LibClamAV debug: unknown inst type: 89 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: unknown inst type: 67 LibClamAV debug: Parsed 41 BBs, 176 instructions LibClamAV debug: Parsed 1 functions LibClamAV debug: Bytecode: BC_STARTUP running (builtin) LibClamAV debug: Bytecode: executing in interpeter mode LibClamAV debug: bytecode: registered ctx variable at (nil) (+0) id 6 LibClamAV debug: bytecode: registered ctx variable at 0xb7f53780 (+2) id 2 LibClamAV debug: bytecode: registered ctx variable at 0xb7f40f80 (+256) id 1 LibClamAV debug: bytecode: registered ctx variable at 0xb7f53784 (+4) id 5 LibClamAV debug: bytecode: registered ctx variable at 0xb7f537a0 (+648) id 4 LibClamAV debug: bytecode: registered ctx variable at 0x805f488 (+512) id 7 LibClamAV debug: bytecode debug: startup: bytecode execution in auto mode LibClamAV debug: intepreter bytecode run finished in 72us, after executing 96 opcodes LibClamAV debug: Bytecode: disable status is 0 LibClamAV debug: bytecode: JIT disabled LibClamAV debug: JIT not compiled in LibClamAV debug: Bytecode: 0 bytecode prepared with JIT, 0 prepared with interpreter, 0 failed LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: cache_check: a4c76df956da8678e98dc4b04d8e9f2d is negative LibClamAV debug: Recognized ASCII text LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: in cli_scanscript() LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: cache_add: a4c76df956da8678e98dc4b04d8e9f2d (level 0) LibClamAV debug: cli_magic_scandesc: returning 0 at line 2381 LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems
On Wed, 18 Aug 2010 14:25:38 +0100, you wrote: OK. Here's debug AND the fix at least from my solution: Recompiled with ./configure --disable-llvm make make install Thanks for reporting back.. it's odd though, as the test file you are scanning is only a small ascii file out of interest does the same thing happen with llvm enabled and one of the other database files -or- does it ONLY fail with the junk.ndb file? Over to edwin though ;) Fails with anything, text binary whatever as far as I can tell as long as llvm is on. Turn it off and all is happy. George ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2225 ___ George R. Kasica | Systems Analyst – Technical Services | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work) 1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * george_kas...@mgic.com or kasica_pa...@mgic.com P Please consider the environment before printing this email. This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. From: Török Edvin edwinto...@gmail.com To: ClamAV users ML clamav-users@lists.clamav.net Date: 08/18/2010 12:06 Subject: Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems Sent by: clamav-users-boun...@lists.clamav.net Your debug shows that the bytecode selftest failed in JIT mode (with llvm) The selftest runs always, so it shouldn't matter what db you load, or what file you scan.Please open bug. Also it should timeout after 1m. -- sent from mobile, sorry if it gets top posted On Aug 18, 2010 5:41 PM, George R. Kasica geor...@netwrx1.com wrote: On Wed, 18 Aug 2010 14:25:38 +0100, you wrote: OK. Here's debug AND the fix at least from my so... Fails with anything, text binary whatever as far as I can tell as long as llvm is on. Turn it off and all is happy. George ___ Help us build a comprehensive ClamAV guide: visit ht... ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems
Not sure of the cause both are configured and built the same ./configure make make install for clam 0.96.2 Here is what the frozen machine will show - three hung scans for one of the sane security databases - this was NOT a problem with 0.96.1. If left to sit it will sit forever. George root 12756 12707 5 23:26 pts/300:00:00 clamscan --quiet -d /usr/unofficial-dbs/ss-dbs/junk.ndb /usr/unofficial-dbs/configs/scan-test.txt root 12757 12756 0 23:26 pts/300:00:00 clamscan --quiet -d /usr/unofficial-dbs/ss-dbs/junk.ndb /usr/unofficial-dbs/configs/scan-test.txt root 12758 12757 0 23:26 pts/300:00:00 clamscan --quiet -d /usr/unofficial-dbs/ss-dbs/junk.ndb /usr/unofficial-dbs/configs/scan-test.txt [r...@eagle clamav]# /usr/sbin/clamav-unofficial-sigs.sh == Sanesecurity Database GPG Signature File Updates == Sanesecurity mirror site used: sane.helljert.de 178.63.197.162 Number of files: 28 Number of files transferred: 4 Total file size: 20800355 bytes Total transferred file size: 8433576 bytes Literal data: 502554 bytes Matched data: 7931022 bytes File list size: 871 File list generation time: 0.280 seconds File list transfer time: 0.000 seconds Total bytes sent: 22754 Total bytes received: 112252 sent 22754 bytes received 112252 bytes 24546.55 bytes/sec total size is 20800355 speedup is 154.07 Testing updated Sanesecurity database file: junk.ndb Sanesecurity GPG Signature tested good on junk.ndb database Aug 17 23:26:03 INFO - Sanesecurity mirror site used: sane.helljert.de 178.63.197.162 Aug 17 23:26:08 INFO - Testing updated Sanesecurity database file: junk.ndb Aug 17 23:26:08 INFO - Sanesecurity GPG Signature tested good on junk.ndb database -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Compile problem with 0.96.1
On Sat, 12 Jun 2010 11:27:26 +0100, you wrote: On Fri, Jun 11, 2010 at 11:24:17PM -0500, George R. Kasica said: Have successfully run 0.96 here with just using ./configure make make install But in 0.96.1 I'm failing the make with CCLD sigtool make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/sigtool' Making all in clamconf make[2]: Entering directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf' CC optparser.o CC getopt.o CC misc.o CC clamconf.o CCLD clamconf clamconf.o: In function `print_platform': /mnt/scsi-1/Linux/clamav-0.96.1/clamconf/clamconf.c:255: undefined reference to `zlibCompileFlags' collect2: ld returned 1 exit status make[2]: *** [clamconf] Error 1 make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1' make: *** [all] Error 2 Something wrong with zlib install? Can you send a link to your config.log? older version did exist in /usr/lib newer version 1.23 was in /usr/local/lib. I removed the older version it and reran the ./configure make and it failed again...looked and notice the regular make of zlib doesn't create shared library you need to build zlib with the configure -s option. might be work a note in the clamav docs. building zlib with the configure -s make make install got the correct libraries for clam ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Compile problem with 0.96.1
Have successfully run 0.96 here with just using ./configure make make install But in 0.96.1 I'm failing the make with CCLD sigtool make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/sigtool' Making all in clamconf make[2]: Entering directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf' CC optparser.o CC getopt.o CC misc.o CC clamconf.o CCLD clamconf clamconf.o: In function `print_platform': /mnt/scsi-1/Linux/clamav-0.96.1/clamconf/clamconf.c:255: undefined reference to `zlibCompileFlags' collect2: ld returned 1 exit status make[2]: *** [clamconf] Error 1 make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1' make: *** [all] Error 2 uname -m = i686 uname -r = 2.6.23.12 uname -s = Linux uname -v = #1 SMP PREEMPT Sat Aug 29 07:29:36 CDT 2009 GCC 4.2.2 I'm no where near a C programmer ao if someone can help me out here I'd appreciate it. Also files as https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2072 -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] DNS Warning also showing up now on 0.95.3
On Thu, 8 Apr 2010 08:49:48 +0200, you wrote: Hello, This is not an acceptable solution here for us...we have over 50 machines and several scripts on each that will need updating...what exactly is broken here...I'm seeing this error in the 0.95.3 version as well so it has NOTHING to do with 0.96 One of our DNS servers (ns5.clamav.net specifically) is acting up. That's why you see the error only occasionally, the other DNS servers are working fine. I'm working on the problem. Problem should be solved. Looks good again here thank you very much! George -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 0.96rc1 LibClamAV Warning: JIT not compiled in
On Fri, 12 Mar 2010 23:32:19 +0200, you wrote: On 03/12/2010 10:46 PM, George R. Kasica wrote: We've compiled and are running here as well with Red Hat EL4 (gcc 3.4.6-11.el4_8.1) and Red Hat EL5 (gcc 4.1.2-46.el5_4.2) both of which are the latest released versions of gcc from Red Had RPMs and are seeing the same JIT failures...how new are you expecting the gcc to be? Minimum 4.1.3. 4.1.2 is listed as a broken version here (although not exactly the version you have, -42 is listed, you have -46) http://llvm.org/docs/GettingStarted.html#brokengcc You can try to use --enable-llvm (it will ignore the gcc version then), and see if make check passes. If so let me know to automatically enable the JIT on that compiler version. There is a 4.4.0 gcc available for RHEL5 too that works. There's no way that our environment is going to be able to put something newer out than what is released by the Distro vendor.that it falls back to another mode is fine, but there's an awful lot of RHEL5 out there that I'm betting is running that rev of gcc that will see this error. That warning will be downgraded to a debug message. Neither will compile cleanly with the --enable-llvm switch, both fail make on RH EL4 and RH EL5 shown above. George -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] ***** SPAM ***** ***** SPAM ***** Re: 0.96rc1 LibClamAV Warning: JIT not compiled in
We've compiled and are running here as well with Red Hat EL4 (gcc 3.4.6-11.el4_8.1) and Red Hat EL5 (gcc 4.1.2-46.el5_4.2) both of which are the latest released versions of gcc from Red Had RPMs and are seeing the same JIT failures...how new are you expecting the gcc to be? There's no way that our environment is going to be able to put something newer out than what is released by the Distro vendor.that it falls back to another mode is fine, but there's an awful lot of RHEL5 out there that I'm betting is running that rev of gcc that will see this error. George On Thu, 11 Mar 2010 11:42:51 -0600, you wrote: I installed clam 0.96rc1 on a FreeBSD 5.3 test server. make seemed to run normally. When I scan any file with clamscan, I get: # clamscan /etc/motd LibClamAV Warning: JIT not compiled in /etc/motd: OK -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Thoughts on software QA Testing (or lack thereof...)
We're currently investigating the possibility of using the OpenSUSE build service to test the next ClamAV release on multiple Linux distributions, including many old ones: openSUSE 11.x, SLES/SLED 9/10/11, Fedora 10/11, RHEL 4/5, CentOS 5, Mandriva 2009, xUbuntu 6.06/8.04/8.10/9.04 OK...I'm not going to debate old vs. new here but I'm fairly sure the installed base of Fedora Core 10 and RHEL4 and Solaris 9 which are all actively supported by the various Vendors/groups would disagree with your assessment as would alot of businesses that are running them in a day to day production setting for front line work. Frankly, Don't think I would be able to get a new OS such as FC-11 or RHEL5 OK 'd to go into production at our company due to lack of sufficient background from a security standpoint etc. In any case, if you're looking for a test spot for FC10, Solaris 9, RHEL4 I'd be happy to try to run some stuff here on a box - I'm not a programmer but I can do basic things if given clear steps or test the ability to at least get it to make etc in our QA/Test environment. Let me know. George ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3
With the following configure after make clean and then a make 0.95.3 fails to build on Red Hat Enterprise Server 5 64 bit. Error bits below: ./configure --prefix=/usr/local/clamav-0.95.3 Error: = libtool: link: rm -f .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT libtool: link: (cd .libs gcc -g -O2 -c -fno-builtin -fPIC -DPIC libclamavS.c) libtool: link: rm -f .libs/libclamavS.c .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT libtool: link: gcc -shared .libs/libclamav_la-matcher-ac.o .libs/libclamav_la-matcher-bm.o .libs/libclamav_la-matcher.o .libs/libclamav_la-others.o .libs/libclamav_la-readdb.o .libs/libclamav_la-cvd.o .libs/libclamav_la-dsig.o .libs/libclamav_la-scanners.o .libs/libclamav_la-textdet.o .libs/libclamav_la-filetypes.o .libs/libclamav_la-rtf.o .libs/libclamav_la-blob.o .libs/libclamav_la-mbox.o .libs/libclamav_la-message.o .libs/libclamav_la-table.o .libs/libclamav_la-text.o .libs/libclamav_la-ole2_extract.o .libs/libclamav_la-vba_extract.o .libs/libclamav_la-msexpand.o .libs/libclamav_la-pe.o .libs/libclamav_la-disasm.o .libs/libclamav_la-upx.o .libs/libclamav_la-htmlnorm.o .libs/libclamav_la-chmunpack.o .libs/libclamav_la-rebuildpe.o .libs/libclamav_la-petite.o .libs/libclamav_la-wwunpack.o .libs/libclamav_la-unsp.o .libs/libclamav_la-aspack.o .libs/libclamav_la-packlibs.o .libs/libclamav_la-fsg.o .libs/libclamav_la-mew.o .libs/libclamav_la-upack.o .libs/libclamav_la-line.o .libs/libclamav_la-untar.o .libs/libclamav_la-unzip.o .libs/libclamav_la-inflate64.o .libs/libclamav_la-special.o .libs/libclamav_la-binhex.o .libs/libclamav_la-is_tar.o .libs/libclamav_la-tnef.o .libs/libclamav_la-autoit.o .libs/libclamav_la-unarj.o .libs/libclamav_la-bzlib.o .libs/libclamav_la-nulsft.o .libs/libclamav_la-infblock.o .libs/libclamav_la-pdf.o .libs/libclamav_la-spin.o .libs/libclamav_la-yc.o .libs/libclamav_la-elf.o .libs/libclamav_la-sis.o .libs/libclamav_la-uuencode.o .libs/libclamav_la-phishcheck.o .libs/libclamav_la-phish_domaincheck_db.o .libs/libclamav_la-phish_whitelist.o .libs/libclamav_la-regex_list.o .libs/libclamav_la-regex_suffix.o .libs/libclamav_la-mspack.o .libs/libclamav_la-cab.o .libs/libclamav_la-entconv.o .libs/libclamav_la-hashtab.o .libs/libclamav_la-dconf.o .libs/libclamav_la-lzma_iface.o .libs/libclamav_la-explode.o .libs/libclamav_la-textnorm.o .libs/libclamav_la-dlp.o .libs/libclamav_la-js-norm.o .libs/libclamav_la-uniq.o .libs/libclamav_la-version.o .libs/libclamav_la-mpool.o .libs/libclamav_la-sha256.o .libs/libclamav_la-bignum.o .libs/libclamavS.o -Wl,--whole-archive ../libltdl/.libs/libltdlc.a lzma/.libs/liblzma.a ./.libs/libclamav_internal_utils.a -Wl,--no-whole-archive -L/usr/local/lib -lz -lpthread -ldl -Wl,--version-script -Wl,../libclamav/libclamav.map -Wl,-soname -Wl,libclamav.so.6 -o .libs/libclamav.so.6.0.5 /usr/bin/ld: /usr/local/lib/libz.a(adler32.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/local/lib/libz.a: could not read symbols: Bad value collect2: ld returned 1 exit status make[4]: *** [libclamav.la] Error 1 make[4]: Leaving directory `/opt/clamav-0.95.3/libclamav' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/opt/clamav-0.95.3/libclamav' make[2]: *** [all] Error 2 make[2]: Leaving directory `/opt/clamav-0.95.3/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/opt/clamav-0.95.3' make: *** [all] Error 2 -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Unable to compile clamav-0.95.3 on FreeBSD
On Fri, 30 Oct 2009 11:47:17 +, you wrote: Hi, On 2009-10-29 14:35, George Eliozov wrote: Hi, Just try to update my Clam AV and receive problem, listed below, Any ideas? git: not found - git? libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include -I/usr/local/include -DSEARCH_LIBDIR=\/usr/local/lib/elf\ -g -O2 -MT libclamav_la-uniq.lo -MD -MP -MF .deps/libclamav_la-uniq.Tpo -c uniq.c -o libclamav_la-uniq.o /dev/null 2 I hit (probably) the same problem building on Solaris and found that touching an empty file version.h.tmp in the / clamav-0.95.3/libclamav directory fixed it. Based on looking back at a 0.95.2 build tree. HTH Tony.. Helps for Solaris 9 as well here. George -- George, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02- ), Rosie(9/1/07- ), Merlin/MR. Tibbs(8/1/90-5/24/06, 2/10/08- ), Nazarene(6/1/99-1/28/08) Jackson, WI USA geor...@netwrx1.com http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-' ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3
On Fri, 30 Oct 2009 21:40:46 +0100, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30/10/2009 20.35, George R. Kasica wrote: With the following configure after make clean and then a make 0.95.3 fails to build on Red Hat Enterprise Server 5 64 bit. Error bits below: ./configure --prefix=/usr/local/clamav-0.95.3 Error: = libtool: link: rm -f .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT libtool: link: (cd .libs gcc -g -O2 -c -fno-builtin -fPIC -DPIC libclamavS.c) libtool: link: rm -f .libs/libclamavS.c .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT libtool: link: gcc -shared .libs/libclamav_la-matcher-ac.o .libs/libclamav_la-matcher-bm.o .libs/libclamav_la-matcher.o .libs/libclamav_la-others.o .libs/libclamav_la-readdb.o .libs/libclamav_la-cvd.o .libs/libclamav_la-dsig.o .libs/libclamav_la-scanners.o .libs/libclamav_la-textdet.o .libs/libclamav_la-filetypes.o .libs/libclamav_la-rtf.o .libs/libclamav_la-blob.o .libs/libclamav_la-mbox.o .libs/libclamav_la-message.o .libs/libclamav_la-table.o .libs/libclamav_la-text.o .libs/libclamav_la-ole2_extract.o .libs/libclamav_la-vba_extract.o .libs/libclamav_la-msexpand.o .libs/libclamav_la-pe.o .libs/libclamav_la-disasm.o .libs/libclamav_la-upx.o .libs/libclamav_la-htmlnorm.o .libs/libclamav_la-chmunpack.o .libs/libclamav_la-rebuildpe.o .libs/libclamav_la-petite.o .libs/libclamav_la-wwunpack.o .libs/libclamav_la-unsp.o .libs/libclamav_la-aspack.o .libs/libclamav_la-packlibs.o .libs/libclamav_la-fsg.o .libs/libclamav_la-mew.o .libs/libclamav_la-upack.o .libs/libclamav_la-line.o .libs/libclamav_la-untar.o .libs/libclamav_la-unzip.o .libs/libclamav_la-inflate64.o .libs/libclamav_la-special.o .libs/libclamav_la-binhex.o .libs/libclamav_la-is_tar.o .libs/libclamav_la-tnef.o .libs/libclamav_la-autoit.o .libs/libclamav_la-unarj.o .libs/libclamav_la-bzlib.o .libs/libclamav_la-nulsft.o .libs/libclamav_la-infblock.o .libs/libclamav_la-pdf.o .libs/libclamav_la-spin.o .libs/libclamav_la-yc.o .libs/libclamav_la-elf.o .libs/libclamav_la-sis.o .libs/libclamav_la-uuencode.o .libs/libclamav_la-phishcheck.o .libs/libclamav_la-phish_domaincheck_db.o .libs/libclamav_la-phish_whitelist.o .libs/libclamav_la-regex_list.o .libs/libclamav_la-regex_suffix.o .libs/libclamav_la-mspack.o .libs/libclamav_la-cab.o .libs/libclamav_la-entconv.o .libs/libclamav_la-hashtab.o .libs/libclamav_la-dconf.o .libs/libclamav_la-lzma_iface.o .libs/libclamav_la-explode.o .libs/libclamav_la-textnorm.o .libs/libclamav_la-dlp.o .libs/libclamav_la-js-norm.o .libs/libclamav_la-uniq.o .libs/libclamav_la-version.o .libs/libclamav_la-mpool.o .libs/libclamav_la-sha256.o .libs/libclamav_la-bignum.o .libs/libclamavS.o -Wl,--whole-archive ../libltdl/.libs/libltdlc.a lzma/.libs/liblzma.a ./.libs/libclamav_internal_utils.a -Wl,--no-whole-archive -L/usr/local/lib -lz -lpthread -ldl -Wl,--version-script -Wl,../libclamav/libclamav.map -Wl,-soname -Wl,libclamav.so.6 -o .libs/libclamav.so.6.0.5 /usr/bin/ld: /usr/local/lib/libz.a(adler32.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/local/lib/libz.a: could not read symbols: Bad value collect2: ld returned 1 exit status why do you have zlib in /usr/local/lib ? custom compiled? that's where the zlib package put it on install by default. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3
On Fri, 30 Oct 2009 23:56:35 +0200, you wrote: On 2009-10-30 23:55, George R. Kasica wrote: On Fri, 30 Oct 2009 21:40:46 +0100, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 30/10/2009 20.35, George R. Kasica wrote: With the following configure after make clean and then a make 0.95.3 fails to build on Red Hat Enterprise Server 5 64 bit. Error bits below: ./configure --prefix=/usr/local/clamav-0.95.3 Error: = libtool: link: rm -f .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT libtool: link: (cd .libs gcc -g -O2 -c -fno-builtin -fPIC -DPIC libclamavS.c) libtool: link: rm -f .libs/libclamavS.c .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT libtool: link: gcc -shared .libs/libclamav_la-matcher-ac.o .libs/libclamav_la-matcher-bm.o .libs/libclamav_la-matcher.o .libs/libclamav_la-others.o .libs/libclamav_la-readdb.o .libs/libclamav_la-cvd.o .libs/libclamav_la-dsig.o .libs/libclamav_la-scanners.o .libs/libclamav_la-textdet.o .libs/libclamav_la-filetypes.o .libs/libclamav_la-rtf.o .libs/libclamav_la-blob.o .libs/libclamav_la-mbox.o .libs/libclamav_la-message.o .libs/libclamav_la-table.o .libs/libclamav_la-text.o .libs/libclamav_la-ole2_extract.o .libs/libclamav_la-vba_extract.o .libs/libclamav_la-msexpand.o .libs/libclamav_la-pe.o .libs/libclamav_la-disasm.o .libs/libclamav_la-upx.o .libs/libclamav_la-htmlnorm.o .libs/libclamav_la-chmunpack.o .libs/libclamav_la-rebuildpe.o .libs/libclamav_la-petite.o .libs/libclamav_la-wwunpack.o .libs/libclamav_la-unsp.o .libs/libclamav_la-aspack.o .libs/libclamav_la-packlibs.o .libs/libclamav_la-fsg.o .libs/libclamav_la-mew.o .libs/libclamav_la-upack.o .libs/libclamav_la-line.o .libs/libclamav_la-untar.o .libs/libclamav_la-unzip.o .libs/libclamav_la-inflate64.o .libs/libclamav_la-special.o .libs/libclamav_la-binhex.o .libs/libclamav_la-is_tar.o .libs/libclamav_la-tnef.o .libs/libclamav_la-autoit.o .libs/libclamav_la-unarj.o .libs/libclamav_la-bzlib.o .libs/libclamav_la-nulsft.o .libs/libclamav_la-infblock.o .libs/libclamav_la-pdf.o .libs/libclamav_la-spin.o .libs/libclamav_la-yc.o .libs/libclamav_la-elf.o .libs/libclamav_la-sis.o .libs/libclamav_la-uuencode.o .libs/libclamav_la-phishcheck.o .libs/libclamav_la-phish_domaincheck_db.o .libs/libclamav_la-phish_whitelist.o .libs/libclamav_la-regex_list.o .libs/libclamav_la-regex_suffix.o .libs/libclamav_la-mspack.o .libs/libclamav_la-cab.o .libs/libclamav_la-entconv.o .libs/libclamav_la-hashtab.o .libs/libclamav_la-dconf.o .libs/libclamav_la-lzma_iface.o .libs/libclamav_la-explode.o .libs/libclamav_la-textnorm.o .libs/libclamav_la-dlp.o .libs/libclamav_la-js-norm.o .libs/libclamav_la-uniq.o .libs/libclamav_la-version.o .libs/libclamav_la-mpool.o .libs/libclamav_la-sha256.o .libs/libclamav_la-bignum.o .libs/libclamavS.o -Wl,--whole-archive ../libltdl/.libs/libltdlc.a lzma/.libs/liblzma.a ./.libs/libclamav_internal_utils.a -Wl,--no-whole-archive -L/usr/local/lib -lz -lpthread -ldl -Wl,--version-script -Wl,../libclamav/libclamav.map -Wl,-soname -Wl,libclamav.so.6 -o .libs/libclamav.so.6.0.5 /usr/bin/ld: /usr/local/lib/libz.a(adler32.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/local/lib/libz.a: could not read symbols: Bad value collect2: ld returned 1 exit status why do you have zlib in /usr/local/lib ? custom compiled? that's where the zlib package put it on install by default. Why isn't there a .so file? Linking a .a file (compiled without -fPIC) into a .so file (compiled with -fPIC) is not going to work on x86_64. I have no idea - I just followed the zlib instructions to run ./configure make make install You're getting into things I don't know - I'm no programmer here, please keep this simple, I'm just the system admin. George ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] clamav 0.95.3 doesn't make on Fedora Core 10
./configure runs fine but fails make here: /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF .deps/libclamav_la-matcher-ac.Tpo -c -o libclamav_la-matcher-ac.lo `test -f 'matcher-ac.c' || echo './'`matcher-ac.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF .deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c -fPIC -DPIC -o .libs/libclamav_la-matcher-ac.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF .deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c -o libclamav_la-matcher-ac.o /dev/null 21 mv -f .deps/libclamav_la-matcher-ac.Tpo .deps/libclamav_la-matcher-ac.Plo /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF .deps/libclamav_la-matcher-bm.Tpo -c -o libclamav_la-matcher-bm.lo `test -f 'matcher-bm.c' || echo './'`matcher-bm.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF .deps/libclamav_la-matcher-bm.Tpo -c matcher-bm.c -fPIC -DPIC -o .libs/libclamav_la-matcher-bm.o In file included from matcher.h:28, from others.h:21, from matcher-bm.c:29: others.h: In function âcli_getpagesizeâ: others.h:363: error: â_SC_PAGESIZEâ undeclared (first use in this function) others.h:363: error: (Each undeclared identifier is reported only once others.h:363: error: for each function it appears in.) make[4]: *** [libclamav_la-matcher-bm.lo] Error 1 make[4]: Leaving directory `/home2/Linux-Software/clamav-0.95.3/libclamav' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home2/Linux-Software/clamav-0.95.3/libclamav' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home2/Linux-Software/clamav-0.95.3/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home2/Linux-Software/clamav-0.95.3' make: *** [all] Error 2 -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3
On Fri, 30 Oct 2009 16:56:43 -0700, you wrote: George R. Kasica wrote: I have no idea - I just followed the zlib instructions to run ./configure make make install You're getting into things I don't know - I'm no programmer here, please keep this simple, I'm just the system admin. It sounds like you installed zlib separately instead of using the package that comes with Red Hat. Is that correct? RHEL's package installs in /usr/lib and /usr/lib64, not in /usr/local/lib. It's also simpler to install. Just run yum install zlib zlib-devel and it'll download and install automatically, including any dependencies. That got it going. Thanks alotnow to get the fedora core 10 version to worksadly this isn't its problem :( George ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamav 0.95.3 doesn't make on Fedora Core 10
On Fri, 30 Oct 2009 22:45:08 -0500, you wrote: On Fri, 30 Oct 2009 19:00:57 -0500, you wrote: ./configure runs fine but fails make here: /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF .deps/libclamav_la-matcher-ac.Tpo -c -o libclamav_la-matcher-ac.lo `test -f 'matcher-ac.c' || echo './'`matcher-ac.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF .deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c -fPIC -DPIC -o .libs/libclamav_la-matcher-ac.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF .deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c -o libclamav_la-matcher-ac.o /dev/null 21 mv -f .deps/libclamav_la-matcher-ac.Tpo .deps/libclamav_la-matcher-ac.Plo /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF .deps/libclamav_la-matcher-bm.Tpo -c -o libclamav_la-matcher-bm.lo `test -f 'matcher-bm.c' || echo './'`matcher-bm.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\/usr/local/lib\ -g -O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF .deps/libclamav_la-matcher-bm.Tpo -c matcher-bm.c -fPIC -DPIC -o .libs/libclamav_la-matcher-bm.o In file included from matcher.h:28, from others.h:21, from matcher-bm.c:29: others.h: In function âcli_getpagesizeâ: others.h:363: error: â_SC_PAGESIZEâ undeclared (first use in this function) others.h:363: error: (Each undeclared identifier is reported only once others.h:363: error: for each function it appears in.) make[4]: *** [libclamav_la-matcher-bm.lo] Error 1 make[4]: Leaving directory `/home2/Linux-Software/clamav-0.95.3/libclamav' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home2/Linux-Software/clamav-0.95.3/libclamav' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home2/Linux-Software/clamav-0.95.3/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home2/Linux-Software/clamav-0.95.3' make: *** [all] Error 2 I saw the following post on the web but somehow not the mailing list regarding the above: From: Török Edwin edwintorok(at)gmail.com Date: Thu Oct 29 2009 - 10:29:42 EDT That is another issue, it is fixed by the patch I posted in another thread. Here it is again: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=6238a5ca06c07931b2f6ace62601ef43807df8e2;hp=55d97736bd289b53c93b652d88e5acd1886ec1bc Best regards, --Edwin How would one apply this patch and would it do any good in my case as I HAVE git installed. Never mind.Found the patch at the above URL, copied the text to a file and got it applied with patch -p1 patch-0.95.3 and reran configure, make and make install without any problems. -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Unable to compile clamav-0.95.3 on FreeBSD 6.2-RELEASE
Hi, Just try to update my Clam AV and receive problem, listed below, Any ideas? git: not found - git? libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include -I/usr/local/include -DSEARCH_LIBDIR=\/usr/local/lib/elf\ -g -O2 -MT libclamav_la-uniq.lo -MD -MP -MF .deps/libclamav_la-uniq.Tpo -c uniq.c -o libclamav_la-uniq.o /dev/null 21 mv -f .deps/libclamav_la-uniq.Tpo .deps/libclamav_la-uniq.Plo git: not found *** Error code 127 Stop in /common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95. 3/libclamav. *** Error code 1 Stop in /common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95. 3/libclamav. *** Error code 1 Stop in /common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95. 3/libclamav. *** Error code 1 Stop in /common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95. 3. *** Error code 1 Stop in /common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95. 3. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] false positives for
Recently, the scan has been giving me: sda1/Program Files/Microsoft Office/Office12/EXCEL.EXE: W32.Virut.Gen.D-163 FOUND sda1/Program Files/Microsoft Office/Office12/excelcnv.exe: W32.Virut.Gen.D-163 FOUND sda1/WINDOWS/SoftwareDistribution/Download/754e3b95d1b56e045c85bd49529d92b4/xlconv.cab: W32.Virut.Gen.D-163 FOUND sda1/WINDOWS/SoftwareDistribution/Download/488b87313a382b81238c79301c751bbd/excel.cab: W32.Virut.Gen.D-163 FOUND sda1/WINDOWS/Installer/789ce7.msp: W32.Virut.Gen.D-163 FOUND sda1/WINDOWS/Installer/789cfb.msp: W32.Virut.Gen.D-163 FOUND Since a full scan with Windows defender doesn't detect this issue and http://virusscan.jotti.org/ shows that 789cfb.msp is virus free with all programs except clam, I think this is a false positive. see http://wsms.wikiplanet.com/mediawiki/index.php/Clamscan for additional details. Please advise. Thanks, George ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Problems builing in solaris related to unrar libraries
2007/05/03 version of /opt/SUNWspro/bin/../prod/bin/../../bin/dmake: Sun Distributed Make 7.8 SunOS_sparc 2007/05/03 -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com geor...@netwrx1.com ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems builing in solaris related to unrar libraries
I'm not sure how to use crle to do this, so I just added to the LD_LIBRARY_PATH setting. All seems well at this point, and you were correct, I wasn't looking to disable the feature. Why does this not occur in Red Hap ES4 but on Solaris? Also, I haven't needed to modify the env variables on any prior versions...what's changed?? George On 2009-03-17 18:43, George R. Kasica wrote: I've compiled the 0.95rc2 here on Solaris and when installed and I run the clamd I get the following error but its still running. # /usr/local/clamav/sbin/clamd LibClamAV Warning: Cannot dlopen: file not found - unrar support unavailable It is only a warning, you won't be able to scan RAR archives, but everything else should still work. Is /usr/local/clamav/lib on your runtime search path? If not I think you can use crle to add it, or set the LD_LIBRARY_PATH environment variable, and unrar should be working again. I thought all I had to do was to have it commented out in clamd.conf # Due to license issues libclamav does not support RAR 3.0 archives (onlythe # old 2.0 format is supported). Because some users report stability problems # with unrarlib it's disabled by default and you must uncomment the directive # below to enable RAR 2.0 support. # Default: disabled #ScanRAR This is an old configuration option that no longer exists. But that doesn't seem to stop it from trying to load rar support. If you don't want RAR support, you can configure with --disable-unrar, but I don't think that is what you want. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems builing in solaris related to unrar libraries
On Tue, 17 Mar 2009 20:07:19 +0200, you wrote: On 2009-03-17 20:02, George R. Kasica wrote: I'm not sure how to use crle to do this, so I just added to the LD_LIBRARY_PATH setting. All seems well at this point, and you were correct, I wasn't looking to disable the feature. Why does this not occur in Red Hap ES4 but on Solaris? Because on Red Hat you probably installed to /usr/local/lib or /usr/lib, which is already in the runtime linker's search path? No, both are installed to /usr/local/clamav same for both OS types here, it makes maintaining this easier on 52 servers when only 2 are Solaris and the rest are Red Hat EL4. Also, I haven't needed to modify the env variables on any prior versions...what's changed?? libclamunrar_iface is now loaded at runtime, see this page which explains why: https://wiki.clamav.net/52 Main/UpgradeNotes095#Packaging_and_Dependencies OK, though that still doesn't answer why it behaved differently under Solaris than Red Hat.I'm glad I only have 2 Solaris boxes that need the changes not 50.that would be a bit more workany way to avoid this in the future possibly as I'm now concerned if there would at some point be a change on the Linux side that affects this. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problems builing in solaris related to unrar libraries
Bug #1476 created with the requested info. On 2009-03-17 20:19, George R. Kasica wrote: On Tue, 17 Mar 2009 20:07:19 +0200, you wrote: On 2009-03-17 20:02, George R. Kasica wrote: I'm not sure how to use crle to do this, so I just added to the LD_LIBRARY_PATH setting. All seems well at this point, and you were correct, I wasn't looking to disable the feature. Why does this not occur in Red Hap ES4 but on Solaris? Because on Red Hat you probably installed to /usr/local/lib or /usr/lib, which is already in the runtime linker's search path? No, both are installed to /usr/local/clamav same for both OS types here, it makes maintaining this easier on 52 servers when only 2 are Solaris and the rest are Red Hat EL4. That sounds like a bug (in configure, or libtool maybe?). Please open a bugreport on bugs.clamav.net, and provide the following information: * uname -a * the full configure line * attach config.log * attach clamav-config.h * attach the output of the following, both when LD_LIBRARY_PATH is set and not set: truss clamscan test/clam-v*.rar * attach the output of the following from your RHEL4 box: strace clamscan test/clam-v*.rar If it is a libtool problem I'll forward it upstream. Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] announcing ClamAV 0.94rc1
On Thu, 21 Aug 2008 10:39:02 -0400 (EDT), you wrote: On Thu, 21 Aug 2008, Henrik K wrote: Who cares if it scans 100ms or 20ms. I prefer features and stability more For those of us who use it as an incoming mail scanner (which I seem to recall being the primary focus of clam from statements on this list) it matters a great deal. The rate of scanning has to keep up with the rate of incoming mail, or you have an ever-growing backlog. Also, the time difference isn't just 100ms vs 20ms -- there are some OLE documents that in the past have taken minutes to scan. I think most of these problems are solved now, but I wouldn't want to add back any solution that increases the time. Further, signatures are one thing, but in a server environment you do not want code to be updated automatically. Code updates usually have to be rolled out, tested first on a test server, then put into production. Chris: Exactly why we use it here along with Exim and spamassassin. Its one of a few products that I'm aware of that will integrate with the setup and work (as of now anyway) well wit them and quickly. We are barely keeping pace with mail now with 4 dual-core 3GHZ boxes I really don't want to slow this down or have to add more hardware due to a code change to make the tarball smaller or whatever the reason is. The goal should be to maximize the speed of the scanning (at least that has been the way they have been going in the past along with stability) I thought. As for updates, I agree 100% we're in exactly the same position here, taking automatic updates to signatures is one thing, taking them to code is quite another. If that occurs or becomes the way clamav works, I'm sorry to say but the corp. environment I work in will force me to look at another solution. EVERYTHING here code wise goes through test/qa/prod system our info security folks would fall over if they heard this idea, then they'd demand the product get pulled today. -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamav-0.93 error
George R. Kasica wrote: We have the same issue. I'd take a guess that it's because we're running zlib-1.2.1.2-1.2 which is the latest offered by RHEL 4. Ditto error here with zlib 1.2.3 and I've made sure there are no duplicate zlibs out here: the only one out here is /usr/local/lib/libz.a Read my next e-mail. We also had v1.2.3 version of /usr/local/lib/libz.a and got the same error. In /usr/lib we have the old rhel 4 version (I don't think that matters for this issue). I added the shared version of v1.2.3 (run configure -s if you have zlib source) to /usr/local/lib and all now works fine. Tried that here with no success :( -- George, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-), Rosie(9/1/07- ), MR. Tibbs(8/1/90-5/24/06), Nazarene(6/1/99-1/28/08) Jackson, WI USA [EMAIL PROTECTED] http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-' ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem with main.cvd and daily.inc ?
/ | ++ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html -- ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Cannot build clamav-0.90.2 on FreeBSD 5.3-RELEASE
Hello all! I am tiring to update clamav from clamav-0.90.1 to clamav-0.90.2. Configure script complete successfully but when I run make, I get after while: gcc -g -O2 -o .libs/clamd output.o cfgparser.o getopt.o misc.o network.o options.o clamd.o tcpserver.o localserver.o session.o thrmgr.o server-th.o scanner.o others.o clamuko.o dazukoio_compat12.o dazukoio.o -L/usr/local/lib ../libclamav/.libs/libclamav.so -liconv -lz -lbz2 /usr/local/lib/libgmp.so -Wl,--rpath -Wl,/usr/local/lib network.o(.text+0x2b): In function `r_gethostbyname': ../shared/network.c:78: undefined reference to `gethostbyname_r' thrmgr.o(.text+0xa5): In function `thrmgr_destroy': /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:127: undefined reference to `pthread_attr_destroy' thrmgr.o(.text+0x18b): In function `thrmgr_new': /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:168: undefined reference to `pthread_attr_init' thrmgr.o(.text+0x19d):/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c :176: undefined reference to `pthread_attr_setdetachstate' thrmgr.o(.text+0x1ed):/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c :177: undefined reference to `pthread_attr_destroy' thrmgr.o(.text+0x28b): In function `thrmgr_worker': /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:217: undefined reference to `pthread_cond_timedwait' thrmgr.o(.text+0x483): In function `thrmgr_dispatch': /common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:290: undefined reference to `pthread_create' *** Error code 1 Stop in /common/qmailrocks/clamav/clamav-0.90.2/clamd. *** Error code 1 Stop in /common/qmailrocks/clamav/clamav-0.90.2. *** Error code 1 Stop in /common/qmailrocks/clamav/clamav-0.90.2. Thanks! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] GMP MP2, digital signature FreeBSD 6.0
Greetings, I have some problems with digital signatures with ClamAV 0.90. I receiving message: WARNING: ** GNU MP 2 or newer NOT FOUND - digital signature support will be disabled! when configuring ClamAV. I DO have installed libgmp (gmp-4.2.1). With the previous version of clamav (clamav-0.88.7 and older) a digital signature works normally. Thanks. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Re: GMP MP2, digital signature FreeBSD 6.0
Thanks!!! It was very helpful! ;) It was a stupid problem with path to libraries. I configure ClamAV with script: export CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib ./configure Thanks a lot! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rene Berber Sent: Thursday, February 15, 2007 12:42 AM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Re: GMP MP2, digital signature FreeBSD 6.0 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 George Eliozov wrote: I have some problems with digital signatures with ClamAV 0.90. I receiving message: WARNING: ** GNU MP 2 or newer NOT FOUND - digital signature support will be disabled! when configuring ClamAV. Assuming you built it yourself, look in config.log there should be some clues about what part of gmp it didn't find. Should be either an include file or a library, usually it's easy to fix (no need to install or rebuild anything). I DO have installed libgmp (gmp-4.2.1). With the previous version of clamav (clamav-0.88.7 and older) a digital signature works normally. The new version does things differently in the configuration, it is more general and it has a lot of new tests (which do nothing useful, like looking for Fortran) and do miss things like gmp which worked with older versions. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF03QyL3NNweKTRgwRAgUMAKD4ECZ7IvWChc646m1PYqWMLkXTQgCfTWhU TJ98Ztth8TqhTwbRQIl9XkA= =A1E/ -END PGP SIGNATURE- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freshclam stability as a daemon [was: DB Update email before actual update available?]
Two Linux boxes here, one Generic (used to be Caldera 2.2) and one Fedora Core 5 been running it on both for close to 18 monthsnot one failure that I'm aware of. Both boxes are fairly busy as well, the caldera is an email/list/web box and the FC5 is a weather map server/forecasting tools system (lots of CPU use and disk activity at the top of every hour). ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: To ClamAV Developers: donation question
On Wed, 08 Nov 2006 11:14:52 -0700, you wrote: In message [EMAIL PROTECTED] Gerard Seibert [EMAIL PROTECTED] wrote: On Wednesday November 08, 2006 at 11:16:21 (AM) Sergei Lavrov wrote: Some of the businesses I know do want to make donations. But is ClamAV able to issue invoice ? In other words, you are looking for a tax write off. You've never worked with corporate accountants, have you? Without a paper trail, the (correct) assumption is that the money is in whoever approved the expense's pocket. Agreedif I can't produce a receipt of invoice for the bean counters, its out of my pocket. Period. Doesn't matter if its $1 or $1000. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] testing fails???
my smtpd/clamd system seems to be working correctly... no virus seen in a while, and logs of dropped viruses. :) however, today I decided for no particular reason that I'd like to see what my smtp rejections look like. So I tried to send myself a virus... humph, can't get it to test positive. :-\ Can anyone explain the discrepancy below? # clamdscan --config-file=/usr/local/etc/clamd.conf --no-summary clamav-0.88.4/test/clam.exe /usr/pkgsrc/mail/clamav/work/clamav-0.88.4/test/clam.exe: OK # clamscan --config-file=/usr/local/etc/clamd.conf --no-summary clamav-0.88.4/test/clam.exe clamav-0.88.4/test/clam.exe: ClamAV-Test-File FOUND my smtpd/clamd system uses that invocation of clamdscan. Since my system is clearly working, why cannot I use it on a positive test? // George -- George Georgalis, systems architect, administrator IXOYE ___ http://lurker.clamav.net/list/clamav-users.html
Re: ?^???G Re: [Clamav-users] clamav 0.88.4 freshclamd question
the following installed and running well gmp-4.1.4.tar.gz Does that mean I can come out from under my rock now? LOL...Dennis, let me apologize, I should have not hit the SEND key so quickly here. Its just lately I see so much of the can't/don't bother me type responses in so many of the lists that it makes me wonder why people bother to post a reply if they're not helping. We all have bad days and I'm the fiest to admit it wasn't a good one here that day. I should have followed my own rule and let that message sit over night. Hope you are having a good day there. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav scan crashes server
Travis Rabe wrote: And one of the lrgest complaints from going from Windows to Linux is the lack of support and understanding from community groups. WOW - so what if he needs to be spoon fed? I am sure all of us at sometime (if yoiu came form WIndows) needed to be spoon fed. If you didn't - then great and good for you. Spoon feed the guy, don't ridicule him. Man. I don't see where there is any ridicule. Are you suggesting Windows people are delicate little flowers than require a gentle touch? That seems a bit of an insult. You know I don't usually comment on behavior of folks in lists either positive or negative but this touched a nerve here so you get to hear it. Sorry live with it. I've done IS for 24 years, WAY before there was an Internet as we see it today and most of it has been in a Unix environment though I do also work with Windows, Novell, DOS, you name it I've probably seen or worked wit it over the years. Frankly, the attitudes that I see from people like Dennis today make me wish for the way things were a few years ago. I can recall when in most cases you asked a question and got help with it. Sometimes the questions weren't asked in good form, were missing information, not in good English structure (remember the Internet covers more than just the US and English speaking countries folks) and you had to ask for more information to help the individual but it's only recently that I've seen people responding like Dennis here in a manner like they are just too good to be bothered. Simple solution to this is if you don't want to help someone just don't say ANYTING...why make the person feel worse for asking a question and trying to learn?? IF you're going to tell me they should RTFM that's a cop outlikely they have or they wouldn't be askinglet's face it docs are not perfect, neither are man pages if someone tells me there has never been a doc or a man page that was incorrect or missing a command line switch or option I'll be happy to show more than one example where something was missing or wrong. No one is suggesting that Windows folks are delicate little flowers but whatever happened to common courtesy in a conversation? I'd hope that is at least able to be expected from people that are supposedly adults and maybe even professional IS staffI'm hoping you don't use that sort of attitude at your day jobI know if I my staff treated users and staff in that manner they'd be looking for new employment in a hurrybut I guess since no one pays you to help here you feel that you can take whatever rude condescending attitude you please with people that are just looking for some help. Couple last words for the whole thing.sad, embarrassing and disgusting. Now why don't you go crawl back to whatever rock you were sunning yourself on - we're all so sorry we bothered you with a lowly question. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
Re: ?^???G Re: [Clamav-users] clamav 0.88.4 freshclamd question
On Wed, 06 Sep 2006 21:04:16 -0700, you wrote: Wilson Kwok wrote: This problem just fixed, but when I ./freshclam have another problem occur: ./freshclam ClamAV update process started at Thu Sep 7 11:42:45 2006 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES See the FAQ at http://www.clamav.net/faq.html for an explanation. main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm) daily.cvd is up to date (version: 1816, sigs: 3864, f-level: 8, builder: ccordes ) What is NO SUPPORT FOR DIGITAL SIGNATURES?? Your ClamAV installation was built without libgmp support. This library can be found here: http://www.swox.com/gmp/ It needs to be built and installed before building ClamAV so you will have support for digital signatures. It is a very nice math library. Be sure to check the version requirements so that you don't install the wrong version. Good note on the version Dennis, it IS version picky as I recall...though I don't have the specifics in front of me, I know they are in the docs that come with ClamAV. Looking at my box here I'm got the following installed and running well gmp-4.1.4.tar.gz Quick note as well on compile time, its also relatively a long make and compile process at least here, so don't be in a hurry to see it finish. I seem to recall mine took near an hour or so but again that was on a P-III 933 box so you may likely have a faster box and better compile time. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamscan taking 14 hours to run
I am running Clam on a 2.0Ghz Celeron with 256mb of memory, and 12 gb used of a 20gb hard drive. I started the process running and it took 14 hours before completing the entire drive. Here is how I called clamscan: clamscan --exclude=.mp3 --exclude=.jpg --exclude=.wma -i -r -l clam.out c:\ Any help to reduce the scan time would be appreciated. I'm seeing similar performance issues here and also it will reboot at times as well if you come up with something yell. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: False Positive I think
On Sat, 18 Feb 2006 11:33:22 +0100, you wrote: George R. Kasica [EMAIL PROTECTED] schrieb im Newsbeitrag news:[EMAIL PROTECTED] what do I need to do to submit it as a false positive? submit it here: http://www.clamav.net/sendvirus.html Best regards, Sven It's on its way right now. Thank you for the quick reply. ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] False Positive I think
On Fri, 17 Feb 2006 20:15:09 +0100, you wrote: On Fri, 17 Feb 2006 19:55:20 +0100 Oliver Stöneberg [EMAIL PROTECTED] wrote: ClamAV still doesn't ctach all variants of a Parite.B Please show me an active variant of Parite.B that is not detected by ClamAV and at the same time is not a false positive detection of some 3rd party scanners. Then I will owe you a beer ;-) running 0.88 of WinClam here and am getting a hit on the following file: C:\Program Files\QVLINK\QVLINK32.EXE: W32.CIH.1003 FOUND Now I've reinstalled the program (used to dl images from a casio digital camera) from CD here (I know thats not a guarantee its free of virii) but commercial software (Sophos) and McAffee did not complain about itwhat do I need to do to submit it as a false positive? Thanks, ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
On Thu, 02 Feb 2006 19:40:17 +, you wrote: Dennis Davis wrote: Very useful. I started using these signatures on this University's mail servers on Monday. Appended below are the stats on the incoming crap they stopped yesterday (Tuesday). Virus Count - - Total 308 The total incoming virus count for yesterday was 512[1]. So these signatures account for some 60% of what was detected. Thanks for those stats :) I'm glad they seem to be working great. I've just done an sig update, increasing from 164 sigs to 199 sigs. Hopefully, they improve things a little more :) Cheers, Steve Steve or Dennis: Where did you get the tool to get clamav stats? We just installed it here and could really use something like that. Thanks, ===[George R. Kasica]===+1 262 677 0766 President +1 206 374 6482 FAX Netwrx Consulting Inc. Jackson, WI USA http://www.netwrx1.com [EMAIL PROTECTED] ICQ #12862186 ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Upload did not work ... sorry
Hello, Seems something is wrong with online scanner. I tried to upload samle .zip attachment invected with Trojan.Spy.Goldun.ah and got the following error: Upload did not work ... sorry Best Regards, -- George Chelidze ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter dies after working ok for some hours
[EMAIL PROTECTED] wrote: Hi We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ accounts. Since last week we are experimenting several errors with this combination. Tried to upgrade to latest version, with same results, so now we downgraded to our last stable situation, running clamav and milter version 0.83, and sendmail 8.12.8. Basically what happens is that clamav-milter dies, and then sendmail starts to refuse commands. I believe it is a 3 face thing. First it is common to see logs like this one, but mail still works: May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): read returned -1: Connection reset by remote.host.com May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): init failed to open May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter: initialization failed, rejecting commands Some minutes laters, we start to see: May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): to error state May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter: initialization failed, rejecting commands May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): to error state When it finally dies, we see: May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): write(D) returned -1, expected 5: Broken pipe May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter: [EMAIL PROTECTED], reject=550 5.7.1 Command rejected May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): local socket name /var/clamav/clmilter.socket unsafe May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter: initialization failed, rejecting commands At this point, clamav-milter is gone, and the sockets is non existant. Sendmail accepts connections, but refuses to receive any command. If we restart clamav-milter, it works again smoothly for about 3-6 hours. Any clue? Please let us know what other information might me useful to debug this. The relevant configuration parts are: clamd.conf: PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd.sock /etc/sysconfig/clamav-milter: CLAMAV_FLAGS= --config-file=/etc/clamd.conf --max-children=240 --force-scan --quiet --dont-log-clean --noreject --dont-scan-on-error -ol local:/var/clamav/clmilter.socket /etc/mail/sendmail.cf: Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m Thanks. ___ http://lurker.clamav.net/list/clamav-users.html try --external Best Regards, -- George Chelidze ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav-milter doesn't start after upgrade to 0.85
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine,
clamd started fine but clamav-milter doesn't start. It outputs the
following in debug mode:
LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone
seeing the same on their systems? Any ideas?
Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter
${CLAMAV_FLAGS}
clamav-milter.conf
CLAMAV_FLAGS=-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl
--external
clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85
Nigel Horne wrote:
On Friday 13 May 2005 07:21, George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine,
clamd started fine but clamav-milter doesn't start. It outputs the
following in debug mode:
LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone
seeing the same on their systems? Any ideas?
Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter
${CLAMAV_FLAGS}
clamav-milter.conf
CLAMAV_FLAGS=-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl
--external
clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Have you restarted clamd after the installation?
sure.
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85
Nigel Horne wrote:
On Friday 13 May 2005 10:56, George Chelidze wrote:
Nigel Horne wrote:
On Friday 13 May 2005 07:21, George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine,
clamd started fine but clamav-milter doesn't start. It outputs the
following in debug mode:
LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone
seeing the same on their systems? Any ideas?
Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter
${CLAMAV_FLAGS}
clamav-milter.conf
CLAMAV_FLAGS=-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl
--external
clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Have you restarted clamd after the installation?
sure.
Remove the file /ctl/clamav-milter.ctl (if it exists) and restart
clamav-milter. Has
/ctl/clamav-milter.ctl been recreated?
No, it's not...
from /var/log/maillog:
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav):
local socket name /usr/local/clamav/ctl/clamav-milter.ctl unsafe
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav): to
error state
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter: connect to
filters
I have checked /usr/local/clamav/ctl/clamav-milter.ctl and it doesn't
exist. Also nothing in /usr/local/clamav/var/log/clamd.log.
Thanks,
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85
George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine,
clamd started fine but clamav-milter doesn't start. It outputs the
following in debug mode:
LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone
seeing the same on their systems? Any ideas?
Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter
${CLAMAV_FLAGS}
clamav-milter.conf
CLAMAV_FLAGS=-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl
--external
clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Found a problem:
/usr/local/clamav/var/log/clamd.log was owned by root:root mode 640
versions below 0.85 did not report any problems with that, while 0.85 did:
May 13 14:39:32 ns chroot: /var/log/clamd.log: Permission denied
May 13 14:39:32 ns clamav-milter: chroot startup succeeded
I have changed it to clamav:clamav 640 and now everything works fine.
Thanks to Nigel who encouraged me to look at my logs once again. The
reason I failed to find these messages earlier was that they were found
in /var/log/boot.log.
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85
Nigel Horne wrote:
On Friday 13 May 2005 11:34, George Chelidze wrote:
Nigel Horne wrote:
On Friday 13 May 2005 10:56, George Chelidze wrote:
Nigel Horne wrote:
On Friday 13 May 2005 07:21, George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine,
clamd started fine but clamav-milter doesn't start. It outputs the
following in debug mode:
LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone
seeing the same on their systems? Any ideas?
Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter
${CLAMAV_FLAGS}
clamav-milter.conf
CLAMAV_FLAGS=-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl
--external
clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Have you restarted clamd after the installation?
sure.
Remove the file /ctl/clamav-milter.ctl (if it exists) and restart
clamav-milter. Has
/ctl/clamav-milter.ctl been recreated?
No, it's not...
from /var/log/maillog:
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav):
local socket name /usr/local/clamav/ctl/clamav-milter.ctl unsafe
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav): to
error state
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter: connect to
filters
I have checked /usr/local/clamav/ctl/clamav-milter.ctl and it doesn't
exist. Also nothing in /usr/local/clamav/var/log/clamd.log.
What's /usr/local/clamav/var/log/clamd.log?
I didn't ask for /usr/local/clamav/ctl/clamav-milter.ctl, I asked for /ctl/clamav-milter.ctl
clamav is chrooted under /usr/local/clamav:)
Thanks,
-Nigel
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85
Nigel Horne wrote:
On Friday 13 May 2005 11:52, George Chelidze wrote:
George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine,
clamd started fine but clamav-milter doesn't start. It outputs the
following in debug mode:
LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone
seeing the same on their systems? Any ideas?
Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter
${CLAMAV_FLAGS}
clamav-milter.conf
CLAMAV_FLAGS=-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl
--external
clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Found a problem:
/usr/local/clamav/var/log/clamd.log was owned by root:root mode 640
versions below 0.85 did not report any problems with that, while 0.85 did:
May 13 14:39:32 ns chroot: /var/log/clamd.log: Permission denied
May 13 14:39:32 ns clamav-milter: chroot startup succeeded
Clamav-milter versions prior to 0.85 tended to not notice that permissions
issue,
the error message is more likely to appear in 0.85. It is probable that the
issue
has been on your machine from the year dot, but never been reported...
Yes, I think this is the case. Thanks for your help.
I have changed it to clamav:clamav 640 and now everything works fine.
Thanks to Nigel who encouraged me to look at my logs once again. The
reason I failed to find these messages earlier was that they were found
in /var/log/boot.log.
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav on Mac OS X 10.4 Server
In the end, make fails with: In file included from ./zziplib/zzip.h:21, from zziplib/zzip-dir.c:18: ./zziplib/zziplib.h:91: error: parse error before zzip_ssize_t ./zziplib/zziplib.h:91: warning: data definition has no type or storage class ./zziplib/zziplib.h:194: error: parse error before zzip_file_read ./zziplib/zziplib.h:194: warning: data definition has no type or storage class ./zziplib/zziplib.h:201: error: parse error before zzip_read ./zziplib/zziplib.h:201: warning: data definition has no type or storage class make[2]: *** [zzip-dir.lo] Error 1 I've been able to get it to build by hacking the configure and Makefile files to death and using a build/break method to alter the build environment. Dale, Why don't you post back your hack of configure and Makefile, so others could build it themselves instead of posting binaries. Would be appreciated. G I've sent an installer to several people now but it sure would be nice if someone would host the installer (in tar.gz format) to alleviate the e-mail stress I'm under due to being the only one being able to build it in 10.4. -- Dale ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Size limit reached
I'm running Exim 4.5 with ClamAv 0.83 I was wondering what is happening when you get the following warning, or better yet - why is it happening? Thu Mar 10 11:57:51 2005 - WARNING: ScanStream: Size limit reached ( max: 10485760) Thanks ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] libclamav
Victor wrote: Hello, Print's: [EMAIL PROTECTED]:/home/victor# ldd /usr/bin/clamscan libclamav.so.1 = /usr/lib/libclamav.so.1 (0x4001a000) It's under /usr/lib :) libz.so.1 = /usr/lib/libz.so.1 (0x4006) libbz2.so.1 = /lib/libbz2.so.1 (0x40071000) libgmp.so.3 = /usr/lib/libgmp.so.3 (0x4008) libpthread.so.0 = /lib/libpthread.so.0 (0x400ad000) libnsl.so.1 = /lib/libnsl.so.1 (0x400fe000) libc.so.6 = /lib/libc.so.6 (0x40113000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) Thanks :-) - Original Message - From: Tomasz Kojm [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Sent: Thursday, February 24, 2005 9:08 AM Subject: Re: [Clamav-users] libclamav ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html -- George Chelidze ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Freshclam and Cron
[EMAIL PROTECTED] wrote: Freshclam via cron What sort of update intervals are people using, and can someone show me a working crontab entry? I've tried calling freshclam like this via a crontab entry 06 0 * * * /usr/local/bin/freshclam BUt it doesn't seem to work. Which means I'm probably missing somethign obvious. ___ http://lurker.clamav.net/list/clamav-users.html -- CUT HERE -- #!/bin/bash sleep $[ 900 + $RANDOM % 1800 ] ; /usr/sbin/chroot /usr/local/clamav /bin/freshclam -u clamav --config-file=/etc/freshclam.conf --quiet --CUT HERE -- I placed this script into /etc/cron.hourly and it works just fine. The command line looks a bit long because I decided to chroot clamd/clamav-milter/freshclam under /usr/local/clamav Best Regards, -- George Chelidze ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Reject - 451 4.3.2 Please try again later
Seems devel-20050209 and devel-20050210 contain the same clamav-milter.c. AFAIK the problem is with clamav-milter, so it wouldn't help. Anyway, I'll give it a try... Nigel Horne wrote: On Thursday 10 Feb 2005 16:52, George Chelidze wrote: Try 0.82c or later. which snapshot corresponds to 0.82c? I have tried devel-20050209 and problem is still there, at least on my box. Try tonight's. -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Reject - 451 4.3.2 Please try again later
Hello Clive, Clive Messer wrote: On Friday 11 Feb 2005 14:24, George Chelidze wrote: Seems devel-20050209 and devel-20050210 contain the same clamav-milter.c. AFAIK the problem is with clamav-milter, so it wouldn't help. Anyway, I'll give it a try... FC3 rpms rebuilt with clamav-milter.c '#undef SESSION' I don't use FC3, neither rpms. I compile it from source. Both sources (mentioned above) seems to contain the same clamav-milter.c code, so why the last should work and the first not. #define SESSION /*bla bla bla*/ is commented in both of them so I think it's the same as #undef SESSION, isn't it? http://www.vacuumtube.org.uk/clamav/clamav-0.82-1.2.i386.rpm http://www.vacuumtube.org.uk/clamav/clamav-milter-0.82-1.2.i386.rpm http://www.vacuumtube.org.uk/clamav/clamav-devel-0.82-1.2.i386.rpm SRC RPM (with session-undef.patch) http://www.vacuumtube.org.uk/clamav/clamav-0.82-1.2.src.rpm Clive Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Reject - 451 4.3.2 Please try again later
Dear Clive, Clive Messer wrote: On Friday 11 Feb 2005 14:53, George Chelidze wrote: Hi George, I don't use FC3, neither rpms. I compile it from source. Both sources (mentioned above) seems to contain the same clamav-milter.c code, so why the last should work and the first not. #define SESSION /*bla bla bla*/ is commented in both of them so I think it's the same as #undef SESSION, isn't it? I don't know. What I do know is that I had the issue when I installed clamav-0.82 from the RPM which originally had 'SESSION' defined eg. LibClamAV Warning: Session 0 has gone down LibClamAV Warning: Session 0 restarted OK LibClamAV Warning: Session 1 has gone down LibClamAV Warning: Session 1 restarted OK LibClamAV Warning: Session 2 has gone down LibClamAV Warning: Session 2 restarted OK LibClamAV Warning: Session 3 has gone down LibClamAV Warning: Session 3 restarted OK LibClamAV Warning: Session 4 has gone down LibClamAV Warning: Session 4 restarted OK LibClamAV Warning: Session 5 has gone down LibClamAV Warning: Session 5 restarted OK LibClamAV Warning: Session 6 has gone down LibClamAV Warning: Session 6 restarted OK LibClamAV Warning: Session 7 has gone down LibClamAV Warning: Session 7 restarted OK LibClamAV Warning: Session 8 has gone down LibClamAV Warning: Session 8 restarted OK LibClamAV Warning: Session 9 has gone down connect: Network is unreachable connect: Connection refused connect: Connection timed out Wed Feb 9 13:29:23 2005 - ERROR: ScanStream: accept timeout. Wed Feb 9 13:29:23 2005 - ERROR: ScanStream: accept timeout. Since rebuilding clamav-0.82 with '#undef SESSION' I no longer have a clamd log full of errors and a maillog full of ... eg. 'sb75g2 sendmail[14264]: j18J8ro6014264: Milter: data, reject=451 4.3.2 Please try again later'. Milter and clamd were restarted 27 hours ago after rebuild with '#undef SESSION'. No errors since. If '#undef SESSION' does not explain that then I really don't know. YMMV. I understand your point. I have just replied to Nigel who adviced me to use devel-20050210 and stated that I think it wouldn't help as it's the same code of clamav-miter.c. Anyway, it's up and running and waiting for a new db update to hang it or pass through, who knows:) Regards Clive Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Reject - 451 4.3.2 Please try again later
Hello Nigel, Nigel Horne wrote: On Thursday 10 Feb 2005 15:36, Bret wrote: I too have been suffering from this problem, but I can't find any errors in my clamd.log file. Just occasionally since upgrading to .82 do I start getting these errors in my mail logs: Milter: data, reject=451 4.3.2 Please try again later Try 0.82c or later. which snapshot corresponds to 0.82c? I have tried devel-20050209 and problem is still there, at least on my box. -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] failed to send SCAN (null) command to clamd
Hello Kritof, Kritof Petr wrote: George Chelidze wrote: Hello, I have yesterday upgraded to 0.82 on two servers (RedHat 7.3 kernel 2.4.24) yesterday morning and everything went fine. This morning I found that on both servers clamd is running but viruses are not detected. I run freshclam from cron every hour between 15 and 45 minutes randomly so both servers outputed the following into log files and stoped to work after daily update (701) was loaded between 20:15:00 UTC Feb 8 2005 and 20:45:00 UTC Feb 2005: Tue Feb 8 23:42:37 2005 - No stats for Database check - forcing reload Tue Feb 8 23:42:38 2005 - Reading databases from /bases Tue Feb 8 23:42:39 2005 - Database correctly reloaded (30353 viruses) my maillog file reports contains a lot of messages like this: Feb 8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) command to clamd Feb 8 23:26:45 ns clamav-milter[1148]: failed to send SCAN (null) command to clamd Feb 8 23:26:54 ns clamav-milter[1150]: failed to send SCAN (null) command to clamd When it happens on next time, try to run clamdscan to check the clamd is running fine and problem is in clamav-milter itself. It happened again on database reload. I followed your advice and seems clamd is ok, clamav-milter fails. I'll try daily snapshot and reply back soon. Thanks, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Re: failed to send SCAN (null) command to clamd
Hello, Matias Lopez Bergero wrote: George Chelidze wrote: Hello Kritof, Kritof Petr wrote: George Chelidze wrote: When it happens on next time, try to run clamdscan to check the clamd is running fine and problem is in clamav-milter itself. It happened again on database reload. I followed your advice and seems clamd is ok, clamav-milter fails. I'll try daily snapshot and reply back soon. With clamdscan works OK. I have tried the nightly snapshot a it's working good. I have checked devel-20050209 and clamav-milter failed again. downgraded to 0.81. Any ideas? I can provide more information if required. Thanks in advance. Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] failed to send SCAN (null) command to clamd
Hello, I have yesterday upgraded to 0.82 on two servers (RedHat 7.3 kernel 2.4.24) yesterday morning and everything went fine. This morning I found that on both servers clamd is running but viruses are not detected. I run freshclam from cron every hour between 15 and 45 minutes randomly so both servers outputed the following into log files and stoped to work after daily update (701) was loaded between 20:15:00 UTC Feb 8 2005 and 20:45:00 UTC Feb 2005: Tue Feb 8 23:42:37 2005 - No stats for Database check - forcing reload Tue Feb 8 23:42:38 2005 - Reading databases from /bases Tue Feb 8 23:42:39 2005 - Database correctly reloaded (30353 viruses) my maillog file reports contains a lot of messages like this: Feb 8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) command to clamd Feb 8 23:26:45 ns clamav-milter[1148]: failed to send SCAN (null) command to clamd Feb 8 23:26:54 ns clamav-milter[1150]: failed to send SCAN (null) command to clamd clamd reload didn't help so I decided to restart clamav-milter and started to catch viruses. I run clamav-milter with the following arguments: CLAMAV_FLAGS=-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl --external here is clamd.conf: LogFile /var/log/clamd.log LogFileMaxSize 20M LogTime LogFacility LOG_MAIL LogSyslog PidFile /var/run/clamd.pid TemporaryDirectory /tmp DatabaseDirectory /bases LocalSocket /ctl/clamd.ctl FixStaleSocket ExitOnOOM MaxConnectionQueueLength 30 StreamMaxLength 10M MaxThreads 64 ReadTimeout 180 IdleTimeout 30 MaxDirectoryRecursion 15 SelfCheck 3600 User clamav ScanPE ScanHTML ScanOLE2 ScanMail ScanArchive ScanRAR ArchiveMaxFileSize 10M ArchiveMaxRecursion 5 ArchiveMaxFiles 1000 ArchiveMaxCompressionRatio 200 Any idea what happened and how can I avoid the same in future? Thanks in advance. Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] initial configure
Hello Arkady, Arkady V.Belousov wrote: Hi! 6-ñÎ×-2005 20:22 [EMAIL PROTECTED] (Jim Maul) wrote to ClamAV users ML clamav-users@lists.clamav.net: JM http://www.clamav.net/abstract.html#pagestart JM The package provides a flexible and scalable multi-threaded daemon, a JM command line scanner, and a tool for automatic updating via Internet. Let me rephrase myself: may I update bases manually and without running any 3rd party beasties like web servers on my machine? How to download Ok, I have cerefully listed through this thread and first thought the only acceptable method for you was to receive updates via email. (AFAIK, there is no such list to which you can subscribe and receive updates),later I have found out that ftp is acceptable so you agree to be connected to the internet (directly or inderectly) and fetch clamav updates manually. In this case I don't understand why you don't like freshclam. Say there is a server on the net which supports ftp method of database retrieval. Do you think it will be more secure for you to retrieve updates from this server via ftp rather than retrieve updates using native freshclam? (don't think so). Ideally there are 2 ways (I can't think about others) to get updates online: 1. Someone/Something sends them to you/me/others via smtp/ftp/http/etc... 2. Someone/Something put these files somewhere on the net and you/me/others retrieve them using supported protocol pop3/ftp/http/etc... In the first case you should be running appropriate server to accept this information and then use it when and how you like. In the second case you should be running apropriate client to contact a server and retrieve this information for future use. So: 1. AFAIK the first way is not available. 2. People who are so kind to update bases for you/me/others place db updates to predefined locations and you/me/others may retrieve them using http. Most of clamav users use freshclam for this purpose, you can create your own tool if you like. I hope I made myself clear enough. Just my 2 cents. bases for manual update (preferably without online, but ftp also acceptable)? ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamav as HTTP scanner?
Hi Freddie, On Wed, 15 Dec 2004 09:36:03 -0800, Freddie Cash [EMAIL PROTECTED] wrote: On December 15, 2004 08:57 am, Rainer Zocholl wrote: In the really meanwhile long long linear list of mail scanners I only see the (non GPLed) DansGuardian Anti-Virus Patch. Do you mean that? AFAIK is DansGuardian payware except for private use. Please do at least the bare minimum research before posting things like the above. Opening even the first page of the DansGuardian website will show that it is available free (as in no money), for anyone to use (at home, at work, at school, whereever). Yes, there is a commercial web content filter that uses a lot of the DansGuardian technology, and even employs the primary DG programmer, but DG is available for anybody to use, completely free, and even includes the sourcecode. I shrugged away from using DansGuardian in my office because I found on the page. http://dansguardian.org/?page=copyright2 the following DansGuardian 2 is: * free for non-commercial use * not free for installation by 3rd parties charging for installation or support * not free for commercial use * licensed under the GPL * copyright Daniel Barron * is a registered trade mark of Daniel Barron So the THIRD item says not free for commercial use What does commercial use mean? Is it that Igot something wrong? can I use it for my office for free? Thankyou so much Kind Regards Siju ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamav as HTTP scanner?
Hi Russel, On Wed, 15 Dec 2004 12:00:48 -0500, roliver [EMAIL PROTECTED] wrote: There is Safesquid and SquidClamAV_Redirector. (scavr) I use scavr with squid for a school district with great success. Neither Dansguardian or Safesquid can handle very heavy loads in my experience. I use Squid on an OpenBSD 3.6 proxy. Could you please help me to the links/resources on the net that would explaining installation of scavr on my proxy ? Thankyou so much :)) kind Regards Siju ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Database update question for ClamAV-Milter.
Hello, Wtexpo.com ClamAV wrote: Thanks for reply. But I am still confusing. For example, why this replied mail is still scanned with old ClamAV 0.80/601/Mon Nov 22 21:40:21 2004 as its mail header shown. It should be scanned with new ClamAV 0.80/605/Wed Nov 24 22:09:47 2004 right? May be you can see it at this mail header too if u use mail program like outlook/outlook express. Now clear. Seems you haven't notified your daemon after database update. Make sure your freshclam.conf contains line like this: NotifyClamd /etc/clamd.conf Best Regards, Edwin - Original Message - From: George Chelidze [EMAIL PROTECTED] To: ClamAV users ML [EMAIL PROTECTED] Sent: Thursday, November 25, 2004 3:30 PM Subject: Re: [Clamav-users] Database update question for ClamAV-Milter. Hello, Wtexpo.com ClamAV wrote: Hello everyone, I use the latest version 0.80 of ClamAV and set cron to automatically update the virus database. Everything is working fine. However, I found that although my virus database is very up to date, my clamav-milter is still using an old version of database. Below are the database version results that I got it at command prompt and my latest mail header. Output at command prompt clamd --version ClamAV 0.80/605/Wed Nov 24 22:09:47 2004 Output at mail header for my latest mail X-Virus-Scanned: ClamAV 0.80/601/Mon Nov 22 21:40:21 2004 By Nov 22 21:40:21 2004 daily 601 was the newest. So everything is ok:) clamav-milter version 0.80j on NS1.WTEXPO.NET X-Virus-Status: Clean Can anyone tell me what's wrong with my clamav-milter? How to make my clamav-milter automatically use the latest version of virus database? Thank you, Edwin ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Virus Tests from www.testvirus.org
Hello, Philip Ershler wrote: On Nov 24, 2004, at 9:29 PM, Tristan Griffiths wrote: Philip Ershler wrote: I am running the .80 release. Tonight I ran the current set of tests from www.testvirus.org. Tests 4,5,7,8,17, and 19 got through. Any idea what's going on. The last time I ran this suite of tests on the .75 release, I seem to recall it did much better. Thanks for any thoughts, Phil I too am running .80 release. Only #24 and #25 got through and #25 had the file name mangled by the procmail sanitiser http://www.impsec.org/email-tools/sanitizer-intro.html anyway. same here. That makes me worry even more. Maybe you miss something in your clamd/clamav-milter config files? If you don't mind post them to this list. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Database update question for ClamAV-Milter.
Hello, Wtexpo.com ClamAV wrote: Hello everyone, I use the latest version 0.80 of ClamAV and set cron to automatically update the virus database. Everything is working fine. However, I found that although my virus database is very up to date, my clamav-milter is still using an old version of database. Below are the database version results that I got it at command prompt and my latest mail header. Output at command prompt clamd --version ClamAV 0.80/605/Wed Nov 24 22:09:47 2004 Output at mail header for my latest mail X-Virus-Scanned: ClamAV 0.80/601/Mon Nov 22 21:40:21 2004 By Nov 22 21:40:21 2004 daily 601 was the newest. So everything is ok:) clamav-milter version 0.80j on NS1.WTEXPO.NET X-Virus-Status: Clean Can anyone tell me what's wrong with my clamav-milter? How to make my clamav-milter automatically use the latest version of virus database? Thank you, Edwin ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] LibClamAV Warning: Broken PE header detected
Tomasz Kojm wrote: On Thu, 4 Nov 2004 11:47:41 +0200 (CAT) Jim Holland [EMAIL PROTECTED] wrote: The attachment is clearly malware (the message looks like a Klez Clearly? How do you know that? Do you have a code analyser built into your eyes? virus-free(fortunately it then goes on to block it because of the file name, but that is besides the point). Is the above report an error with ClamAV, or is the file actually harmless because of the broken PE header? Would it not be desirable for ClamAV to flag such files as being viruses (even if they are broken)? The way libclamav works in the case of executable files is: 1. check the file against the signature database and stop scanning if virus is found 2. run PE parser (report broken executables; try to guess and unpack compressed files) One additional question here: I get several messages a day which are marked as broken executables by clamav but as I-Worm.NetSky.o by kav. AFAIK it's an alias to Worm.SomeFool.N. Why clam doesn't detect known signature and falls to step 2? (Maybe a part of signature is missing because a file it's broken?) I don't think clamav and kav use signatures which differs a lot, do they? So it doesn't re-eject files without scanning just because they seem to be broken. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Thanks in advance. Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] LibClamAV Warning: Broken PE header detected
Tomasz Papszun wrote: On Wed, 10 Nov 2004 at 11:47:59 +0300, George Chelidze wrote: Tomasz Kojm wrote: The way libclamav works in the case of executable files is: 1. check the file against the signature database and stop scanning if virus is found 2. run PE parser (report broken executables; try to guess and unpack compressed files) One additional question here: I get several messages a day which are marked as broken executables by clamav but as I-Worm.NetSky.o by kav. AFAIK it's an alias to Worm.SomeFool.N. Why clam doesn't detect known signature and falls to step 2? (Maybe a part of signature is missing because a file it's broken?) I believe so. To be sure, the samples would have to be examined. I know your team is very busy, but anyway if you are interested in samples I can provide them. I don't think clamav and kav use signatures which differs a lot, do they? They surely differ. Thanks for your time and your great product. Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Permission denied when sending notifications
Hello, Jose Gervasio Gomiz wrote: Hi everyone. I'm using clamd/clamav-milter 0.80 + Sendmail 8.12.11-4.6 on Fedora Core 2. I have --postmaster-only in /etc/sysconfig/clamav-milter, because I need to get email notifications when a virus is found. The problem is that notifications fail. Extract from /var/log/maillog: Nov 8 14:03:31 mail sendmail[21690]: NOQUEUE: SYSERR(clamav): can not chdir(/var/spool/clientmqueue/): Permission denied ls -l /usr/sbin/sendmail mine is: -r-xr-sr-x1 root smmsp 661621 Nov 3 11:37 /usr/sbin/sendmail I dought you don't have SGID turned on. Permissions: /etc/mail/: -rw-r--r-- 1 root root 58156 Nov 8 15:14 sendmail.cf -r--r--r-- 1 root root 39181 Nov 8 15:13 submit.cf -rw-r--r-- 1 root root127 Nov 8 15:14 trusted-users /var/spool/: drwxrwx--- 2 smmsp smmsp 12288 Nov 8 15:11 clientmqueue drwxrwxr-x 2 root mail 4096 Nov 8 15:37 mail Users: uid=46(clamav) gid=46(clamav) groups=46(clamav) uid=51(smmsp) gid=51(smmsp) groups=51(smmsp) Processes: root 23999 0.0 1.1 7948 2860 ?S15:14 0:00 sendmail: accepting connections smmsp24008 0.0 0.9 6308 2408 ?S15:14 0:00 sendmail: Queue [EMAIL PROTECTED]:00:00 mailto:[EMAIL PROTECTED]:00:00 for /var/spool/clientmqueue clamav 23570 0.0 2.3 20092 6036 ?S15:09 0:00 /usr/sbin/clamd clamav 23582 0.0 0.5 37784 1508 ?S15:09 0:00 /usr/sbin/clamav-milter --dont-wait --force-scan --dont-log-clean --server=localhost --postmaster=postmaster --postmaster-only --pidfile=/var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.sock I know that user clamav (uid 46) can't write or chdir to /var/spool/clientmqueue in this setup. I've tried: User clamav in /etc/mail/sendmail.cf Trusted users section? Doesn't work. User clamav in /etc/mail/submit.cf Trusted users section? Doesn't work. User clamav in /etc/mail/trusted-users file? Doesn't work. Adding clamav to smmsp group? Doesn't work. Changing /var/spool/clientmqueue permissions/ownership? Not recommended. Running clamd as user smmsp? clamav-milter fails to start. Which is the correct way to do it? Thanks in advance! Jose G. Gomiz [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Administrador Area Internet Compel SRL ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] configure failure: libmilter directory not found?
I configure it this way: CPPFLAGS=-I/usr/local/src/sendmail-8.12.11/include ./configure --prefix=/usr/local/clamav --enable-milter It goes just fine. Tom D`Asto wrote: Trying to complete the installation of clamav. I want to configure the clamav-milter (./configure --enable-milter) for email scanning. However, during the configure, libmilter directory cannot be located. I can't find it either... What do I need to do? Tom [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Online scanner vs Sendvirus.cgi
Hello, I have just found a message which was trapped with sanitizer because of dangerous attachment (message.scr) and I thought it was a new worm. I checked it against clamav online scanner which reported the following: ClamAV 0.80/572/Wed Nov 3 11:48:18 2004 ClamAV scans the file ... Clamav-Output: /tmp/php7TNJzC: OK Clamav DID NOT identify your sample as malicious content If you really think your sample is a virus or any other harmful thing clamav should detect please go to http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi and submit the virus. I submited the sample but got the following output: Result: This virus is already recognized by ClamAV 0.80/572/Wed Nov 3 05:48:18 2004 as Broken.Executable . Be careful when submitting samples and remember to run freshclam! Please correct the above errors and retry. I though I missed something and repeated the process but got the same result. Any ideas? Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Online scanner vs Sendvirus.cgi
Tomasz Papszun wrote: On Thu, 04 Nov 2004 at 11:48:35 +0300, George Chelidze wrote: Hello, I have just found a message which was trapped with sanitizer because of dangerous attachment (message.scr) and I thought it was a new worm. I checked it against clamav online scanner which reported the following: ClamAV 0.80/572/Wed Nov 3 11:48:18 2004 ClamAV scans the file ... Clamav-Output: /tmp/php7TNJzC: OK Clamav DID NOT identify your sample as malicious content If you really think your sample is a virus or any other harmful thing clamav should detect please go to http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi and submit the virus. I submited the sample but got the following output: Result: This virus is already recognized by ClamAV 0.80/572/Wed Nov 3 05:48:18 2004 as Broken.Executable . Be careful when submitting samples and remember to run freshclam! Please correct the above errors and retry. I though I missed something and repeated the process but got the same result. Any ideas? Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables option while clamav online scanner - not. So is it a bad idea to enable the same in online scanner? It will save a little bandwidth... Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Online scanner vs Sendvirus.cgi
Hello, Fajar A. Nugraha wrote: George Chelidze wrote: Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables option while clamav online scanner - not. So is it a bad idea to enable the same in online scanner? It will save a little bandwidth... Bad, because broken executables are not 100% virus. I don't mean they should be marked as virus. The fact is that file isn't ok, it's already in base as broken executable. Also bad, because it is not enabled by default on a standard installation. We are not talking about adding this option to default options list. The online scanner is often used to check a file against known threats and if it's not detected by scanner (marked as OK) and suspected to be a new virus, it's submited to clamav team. Before you get back This virus is already recognized... message actually should be uploaded to server and should be checked once again (correct me if I am wrong) which is extra bandwidth and cpu power. Hope I made myself clear. Best Regards, -- George Chelidze ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT: Virus page almost ready to go
Hello Rick, Your page is great. I think the only thing is missing is graphs. I have developed very simple system for clamav statistics and integrated it with mrtg. below is the screenshot: http://wrath.geoweb.ge/images/vstats.gif The system works as follows: admin is notified about infection incident. I pipe the notification message to a perl script through a procmailrc file. This perl script retrieves usefull information from message and appends it to mysql table. another perl script retrieves the data for last 5 minutes from the table and updates a file for mrtg. mrtg executes every 5 minutes and draws the graph. Results are displayed using cgi script which links to the image generated by mrtg and selects appropriate data from table. If people on this list are interested, we can make it public. Best Regards, Rick Macdougall wrote: Hi All, As promised, the virus stats page is almost ready to go. I'll clean up the code tomorrow or Thursday and release it GPL. http://mail.limelyte.net/admin/virus/ for a preview. Suggestions, critique, etc are welcomed. Regards, Rick --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users -- George Chelidze --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: Virus page almost ready to go
Yes we get approximately 1000 infections a day. Best Regards, Fajar A. Nugraha wrote: George Chelidze wrote: admin is notified about infection incident. I'm guessing you only get small amount of infections (e.g. less than 10.000 a day) ? Regards, Fajar -- George Chelidze --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ScanStream: accept timeout
Hello, Nigel Horne wrote: On Wednesday 02 Jun 2004 12:57, George Chelidze wrote: CLAMAV_FLAGS=-c /etc/clamav.conf -nlPH local:/ctl/clamav-milter.ctl That's the place - now do 'man clamav-milter' and look under the 'd' option and you'll have your answer on whether the messages are failed or passed through unscanned. Seems warnings are treated as errors in this case and as I don't use 'd' option it wont go through. Thanks -Nigel Best Regards, -- George Chelidze --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ScanStream: accept timeout
Hello, Nigel Horne wrote: On Wednesday 02 Jun 2004 06:38, George Chelidze wrote: Also I wonder what happens to message which triggers the following warning: WARNING: ScanStream: Size limit reached ( max: 10485760) Is it bounced back or pass through without scanning? That depends on the options you give to clamav-milter. CLAMAV_FLAGS=-c /etc/clamav.conf -nlPH local:/ctl/clamav-milter.ctl INPUT_MAIL_FILTER(`clamav', `S=unix:/usr/local/clamav/ctl/clamav-milter.ctl, F=, T=S:4m;R:4m')dnl Do you mean 'F=' part of my conf? Best Regards, -Nigel Best Regards, -- George Chelidze --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] ScanStream: accept timeout
Hello, I am using clamav 0.71 on RH 7.3 2.4.24 and it works fine. No major problems. I have found several messages in clamd.log like this: ERROR: ScanStream: accept timeout. What does this message mean? Also I wonder what happens to message which triggers the following warning: WARNING: ScanStream: Size limit reached ( max: 10485760) Is it bounced back or pass through without scanning? Thanks in advance. Best Regards, -- George Chelidze --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-milter-0.71 queues virus notification mails instead of sending them
Hello, From ChangeLog: If -outgoing is given put generated emails in the deferred queue to avoid the milter being called twice at the same time (one on the incoming one on the outgoing) Best Regards, Alexander Piavka wrote: Hi, clamav-milter work ok excpet one thing the virus notifications are not sent but stay in /var/spool/mqueue and i've to send them manually by '/usr/sbin/sendmail -qI' then i go back to clamav-0.70 it work ok. the flags are: CLAMAV_FLAGS=--config-file=/etc/clam/clamav.conf --quarantine-dir=/var/lib/amavis/clamav/viruses --max-children=10 -f -N -P -p [EMAIL PROTECTED] inet:[EMAIL PROTECTED] with clamav-0.70 i've: May 24 12:09:48 ha-rs1 sendmail[7]: i4O99mZ7: from=amavis, size=409, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] May 24 12:09:50 ha-rs1 sendmail[9]: i4O99mZ7: [EMAIL PROTECTED], ctladdr=amavis (15/106), delay=00:00:02, xdelay=00:00:02, mailer=nullclient, pri=30409, relay=indigo.cs.bgu.ac.il. [132.72.42.23], dsn=2.0.0, stat=Sent (i4O99lxB006213 Message accepted for delivery) with clamav-0.71: May 24 12:31:12 ha-rs2 sendmail[4989]: i4O9VC904989: from=amavis, size=416, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] May 24 12:31:12 ha-rs2 sendmail[4989]: i4O9VC904989: [EMAIL PROTECTED], delay=00:00:00, mailer=nullclient, pri=30416, stat=queued and then i run '/usr/sbin/sendmail -qI' i get: May 24 12:32:10 ha-rs2 sendmail[5018]: i4O9VC904989: [EMAIL PROTECTED], delay=00:00:58, xdelay=00:00:02, mailer=nullclient, pri=120416, relay=indigo.cs.bgu.ac.il. [132.72.42.23], dsn=2.0.0, stat=Sent (i4O9W9iQ012489 Message accepted for delivery) why is that only with clamav-0.71 the message gets queued , while all other mails are sent ok? ps. if it matters i use rpms maintained by Bill Randle on mandrake9.1 both for clamav 0.70 0.71 Thanks. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users -- George Chelidze --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Compiling ClamAV permissions problem
Hello,
Graham Dodd wrote:
Hello All,
I have finally got Clamd running with Exim 4 (a long story), but it will
only run as root :-{
I compiled and installed clam (0.70) as root
In clamav.conf I have user clamav
I have added user clamav and group clamav
clamscan works
clamdscan returns an error that it cannot open file or directory (clamd
also returns the same error in the logfile)
Can you paste the exact message from your logfile? Also running clamd
with debug enabled will helpfull.
If I change user root it all works
I know I have a permission problem somewhere, but I cannot find it
Please help
thanks,
Graham
Best Regards,
--
George Chelidze
---
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562alloc_id=6184op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd new virusses
Hello, Jona Tallieu wrote: Hi all, We have CLAMD up running with our CommunigatePro mailserver and CGPAV filter. We do an hourly check for fresh virusses using cron and freshclam, and it works perfectly. Some questions: will clamd automatically use the new virus-defenitions freshclam has downloaded, or do we need to relaunch clamd? If you include NotifyClamd [config file] in you freshclam.conf then freshclam will try to notify clamd about new definitions. In this case you don't need to reload your clamd. Is this why there is an option in the freshclam.conf NotifyClamd? Do I need to enable that? If you need your clamd to be notified by freshclam, then yes, enable it. We are using LocalSocket, not TCPSocket. In fact it doesn't matter. freshclam will look at your settings in clamd config file and connect to the daemon using supported mechanism. Thanks! J. Best Regards, -- George Chelidze --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562alloc_id=6184op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Can't get clamav-milter going
I had clamav antivirus working fine for a couple months. Now after a reboot I can't it started to save my neck. After starting the clamd deamon, which creates /var/run/clamav/clamd.sock, and starting clamav-milter, clamav-milter exits with following error message: ClamAv: Unable to bind to port local:/var/run/clamav/clamd.sock: Address already in use. In use by possibly what? I haven't any idea what this message means or what I can do about it. I've tried increasing the debug level but this is about as much information as I can get. Also, I have tried going through the archive of this list and found exactly the same question but there was no answer. Please help !! Thanks, George --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: test message
Tomasz Klim wrote: This is a test message only. I'm sending it only to announce my e-mail address to all infected e-mail clients, to provoke them to send a copy of viruses. Don't be angry. Go sign up on a bunch of MSN or Yahoo group lists and announce there. I think you'll find those a much more efficient way of getting into virus-prone users' address books. - Bob --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Status of --mbox?
Sorry if this is an old subject, but it keeps coming up again and again on the procmail and spamassassin lists. I have tried searching archives and the web for answers. I noticed that there can be differences in results returned by clamscan and clamdscan when called directly from procmail to scan stdin, and noted the cautions about --mbox on the clamscan manpage. I'm making use of some of the wrapper scripts that unencode the message to files, then scan those. This is working VERY WELL, and I'm thrilled with clamav. What I'd like to get is as close to an official answer as possible to the questions of: 1. Is --mbox recommended for use for scanning mail streams (i.e. from procmail)? Is the fixed, or to be fixed shortly? 2. Is the lack of --mbox on clamdscan permanent? IF --mbox is OK, will it remain only for clamscan. 3. Is a wrapper script to un-encode email 1st, then scan the resulting files a good / the best approach? Thanks, - Bob --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Status of --mbox?
Bob George wrote: Updating my own questions... 1. Is --mbox recommended for use for scanning mail streams (i.e. from procmail)? Is the fixed, or to be fixed shortly? As in as of 0.67 it seems fixed. Also, mail options in clamd seem fine. 2. Is the lack of --mbox on clamdscan permanent? IF --mbox is OK, will it remain only for clamscan. Updated, and now see mail options. Nevermind. 3. Is a wrapper script to un-encode email 1st, then scan the resulting files a good / the best approach? I still see commments about un-encoding messages. What is overall Best Recommended (safe) bet approach? - Bob --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
