Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors

2017-12-15 Thread George
Hello Tom M,

1) I did
sudo mv /var/lib/clamav/mirrors.dat /home/user
sudo /etc/init.d/clamav-freshclam stop
sudo freshclam
ClamAV update process started at Fri Dec 15 19:45:53 2017
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 193.92.150.194 is not synchronized.
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in
/etc/clamav/freshclam.conf is working. Check
http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

2) Then I did:
sudo nano /etc/clamav/freshclam.conf
# and in freshclam.conf changed "DatabaseMirror db.local.clamav.net" to
"DatabaseMirror db.bg.clamav.net" (I am from Bulgaria)
# It worked! I'll try to look it out in the Archives. But even if it was
there, I wouldn't know due to lack of knowledge and experience. I guess
"WARNING: Mirror 193.92.150.194 is not synchronized." means that freshclam
cannot find my country database.
Thanks again Tom M. You are the best!
Merry Christmas and Happy New Year!

Best regards,
George

2017-12-15 16:20 GMT+02:00 Thomas McCourt (tmccourt) :

> Hello George,
>
>
> 1) Did you delete mirror.dat, then re-run freshclam?
> 2) Did you include in your freshclam.conf your countryside in the
> DatabaseMirror section? Db.xy.clamav.net? Once doing that, run freshclam.
>
>
> Thanks,
>
>
> Tom M
>
>
>
>
> On 12/15/17, 4:52 AM, "clamav-users on behalf of George" <
> clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com>
> wrote:
>
> >Hi Dennis,
> >
> >Thanks again for your answer.
> >I just checked and clamav can read the main.cvd and the daily.cvd. It
> >cannot write. I hope that's what you meant.
> >Otherwise, when I tried a manual update. I did what follows but, as you
> can
> >see, to no avail:
> >
> >user@virus:~$ sudo /etc/init.d/clamav-freshclam stop
> >[ ok ] Stopping clamav-freshclam (via systemctl):
> clamav-freshclam.service.
> >user@virus:~$ sudo freshclam
> >ClamAV update process started at Fri Dec 15 11:46:39 2017
> >main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
> >sigmgr)
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >WARNING: Incremental update failed, trying to download daily.cvd
> >WARNING: Can't download daily.cvd from db.local.clamav.net
> >Trying again in 5 secs...
> >...
> >ClamAV update process started at Fri Dec 15 11:47:07 2017
> >main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
> >sigmgr)
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net
> >ERROR: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net
> >WARNING: Incremental update failed, trying to download daily.cvd
> >ERROR: Can't download daily.cvd from database.clamav.net
> >Giving up on database.clamav.net...
> >Update failed. Your network may be down or none of the mirrors listed in
> >/etc/clamav/freshclam.conf is working. Check
> >http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
> >
> >I don't know what to do here.
> >
> >Best regards,
> >George
> >
> >2017-12-14 18:53 GMT+02:00 Dennis Peterson :
> >
> >> Did you make sure permissions are set so that the clam user can read
> them?
> >>
> >>
> >>
> >> On 12/14/17 8:49 AM, George wrote:
> >>
> >>> Hi,
> >>>
> >>> I mistakingly 

Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors

2017-12-15 Thread George
My mistake, clamav has both rw permissions. Thanks!

user@virus:~$ ls -la /var/lib/clamav
total 215016
drwxr-xr-x  2 clamav clamav  4096 dec 15 18:25 .
drwxr-xr-x 82 root   root4096 sep  2 16:09 ..
-rw-r--r--  1 clamav clamav766976 nov  3 20:34 bytecode.cld
-rw-r--r--  1 clamav clamav  42567087 dec  6 19:53 daily.cvd
-rw-r--r--  1 clamav clamav 117892267 dec  6 18:56 main.cvd
-rw---  1 clamav clamav   104 dec 15 18:25 mirrors.dat
-rw-r--r--  1 clamav clamav  58927418 nov  3 20:34 safebrowsing.cvd

2017-12-15 16:27 GMT+02:00 Micah Snyder (micasnyd) :

> Hang on, did you just say that clamav doesn’t have write permissions to
> the databases?  That /would/ explain why freshclam can’t save the new
> database files.
>
>
> Micah Snyder
> Software Engineer
> Talos
> Cisco Systems, Inc.
>
>
>
> On Dec 15, 2017, at 4:52 AM, George  gdparlic...@gmail.com>> wrote:
>
> Hi Dennis,
>
> Thanks again for your answer.
> I just checked and clamav can read the main.cvd and the daily.cvd. It
> cannot write. I hope that's what you meant.
> Otherwise, when I tried a manual update. I did what follows but, as you can
> see, to no avail:
>
> user@virus:~$ sudo /etc/init.d/clamav-freshclam stop
> [ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.
> user@virus:~$ sudo freshclam
> ClamAV update process started at Fri Dec 15 11:46:39 2017
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
> sigmgr)
> WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net<http://db.local.clamav.net>
> WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net<http://db.local.clamav.net>
> WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net<http://db.local.clamav.net>
> WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net<http://db.local.clamav.net>
> WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net<http://db.local.clamav.net>
> WARNING: Incremental update failed, trying to download daily.cvd
> WARNING: Can't download daily.cvd from db.local.clamav.net<http://db.
> local.clamav.net>
> Trying again in 5 secs...
> ...
> ClamAV update process started at Fri Dec 15 11:47:07 2017
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
> sigmgr)
> WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net<http://database.clamav.net>
> WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net<http://database.clamav.net>
> WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net<http://database.clamav.net>
> WARNING: getpatch: Can't download daily-24011.cdiff from
> database.clamav.net<http://database.clamav.net>
> ERROR: getpatch: Can't download daily-24011.cdiff from database.clamav.net
> <http://database.clamav.net>
> WARNING: Incremental update failed, trying to download daily.cvd
> ERROR: Can't download daily.cvd from database.clamav.net database.clamav.net>
> Giving up on database.clamav.net<http://database.clamav.net>...
> Update failed. Your network may be down or none of the mirrors listed in
> /etc/clamav/freshclam.conf is working. Check
> http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
>
> I don't know what to do here.
>
> Best regards,
> George
>
> 2017-12-14 18:53 GMT+02:00 Dennis Peterson mailto:de
> nni...@inetnw.com>>:
>
> Did you make sure permissions are set so that the clam user can read them?
>
>
>
> On 12/14/17 8:49 AM, George wrote:
>
> Hi,
>
> I mistakingly copied this twice in the email. But I did it as in your
> reply. that's not the problem.
>
> Thanks,
> George
>
> 2017-12-14 18:39 GMT+02:00 Dennis Peterson mailto:de
> nni...@inetnw.com>>:
>
> you are downloading main.cvd twice. Change one of the wget commands to
> download daily.cvd.
>
> Example:
>
> wget database.clamav.net/main.cvd<http://database.clamav.net/main.cvd>
> sudo cp main.cvd /var/lib/clamav
> wget database.clamav.net/daily.cvd<http://database.clamav.net/daily.cvd>
> sudo cp daily.cvd /var/lib/clamav
>
>
> dp
>
> On 12/14/17 8:28 AM, George wrote:
>
> Dear All,
>
> I am still getting the message that my database is more than 7 days
> old. I
> successfully downloaded and updated main.cvd and daily.cvd manually, as
> follows:
>
> wget database.clamav.net/main.cvd<http://database.clamav.net/main.cvd>
> sudo cp main.cvd /var/lib/clamav
> wget database.clamav.net/

Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors

2017-12-15 Thread George
Hi Dennis,

Thanks again for your answer.
I just checked and clamav can read the main.cvd and the daily.cvd. It
cannot write. I hope that's what you meant.
Otherwise, when I tried a manual update. I did what follows but, as you can
see, to no avail:

user@virus:~$ sudo /etc/init.d/clamav-freshclam stop
[ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.
user@virus:~$ sudo freshclam
ClamAV update process started at Fri Dec 15 11:46:39 2017
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
...
ClamAV update process started at Fri Dec 15 11:47:07 2017
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-24011.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in
/etc/clamav/freshclam.conf is working. Check
http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

I don't know what to do here.

Best regards,
George

2017-12-14 18:53 GMT+02:00 Dennis Peterson :

> Did you make sure permissions are set so that the clam user can read them?
>
>
>
> On 12/14/17 8:49 AM, George wrote:
>
>> Hi,
>>
>> I mistakingly copied this twice in the email. But I did it as in your
>> reply. that's not the problem.
>>
>> Thanks,
>> George
>>
>> 2017-12-14 18:39 GMT+02:00 Dennis Peterson :
>>
>> you are downloading main.cvd twice. Change one of the wget commands to
>>> download daily.cvd.
>>>
>>> Example:
>>>
>>> wget database.clamav.net/main.cvd
>>> sudo cp main.cvd /var/lib/clamav
>>> wget database.clamav.net/daily.cvd
>>> sudo cp daily.cvd /var/lib/clamav
>>>
>>>
>>> dp
>>>
>>> On 12/14/17 8:28 AM, George wrote:
>>>
>>> Dear All,
>>>>
>>>> I am still getting the message that my database is more than 7 days
>>>> old. I
>>>> successfully downloaded and updated main.cvd and daily.cvd manually, as
>>>> follows:
>>>>
>>>> wget database.clamav.net/main.cvd
>>>> sudo cp main.cvd /var/lib/clamav
>>>> wget database.clamav.net/main.cvd
>>>> sudo cp daily.cvd /var/lib/clamav
>>>>
>>>>
>>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors

2017-12-14 Thread George
Hi,

I mistakingly copied this twice in the email. But I did it as in your
reply. that's not the problem.

Thanks,
George

2017-12-14 18:39 GMT+02:00 Dennis Peterson :

> you are downloading main.cvd twice. Change one of the wget commands to
> download daily.cvd.
>
> Example:
>
> wget database.clamav.net/main.cvd
> sudo cp main.cvd /var/lib/clamav
> wget database.clamav.net/daily.cvd
> sudo cp daily.cvd /var/lib/clamav
>
>
> dp
>
> On 12/14/17 8:28 AM, George wrote:
>
>> Dear All,
>>
>> I am still getting the message that my database is more than 7 days old. I
>> successfully downloaded and updated main.cvd and daily.cvd manually, as
>> follows:
>>
>> wget database.clamav.net/main.cvd
>> sudo cp main.cvd /var/lib/clamav
>> wget database.clamav.net/main.cvd
>> sudo cp daily.cvd /var/lib/clamav
>>
>>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] How to download and update main.cvd and daily.cvd manually AND update mirrors

2017-12-14 Thread George
Dear All,

I am still getting the message that my database is more than 7 days old. I
successfully downloaded and updated main.cvd and daily.cvd manually, as
follows:

wget database.clamav.net/main.cvd
sudo cp main.cvd /var/lib/clamav
wget database.clamav.net/main.cvd
sudo cp daily.cvd /var/lib/clamav

However, I don't know if it's correct, but I couldn't find step-by-step
explanations anywhere.

Additional information:
## Here is my freshclam.log output (given between quotes << >> and deleting
unnecessary repetitions):
<<
ClamAV update process started at Sun Dec 10 10:23:01 2017
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): Sun Dec 10 10:23:01 2017 -> WARNING: Can't
get information about db.local.clamav.net: Temporary failure in name
resolution
WARNING: Can't read main.cvd header from db.local.clamav.net (IP: )
Trying again in 5 secs...
...
Received signal: wake up
ClamAV update process started at Sun Dec 10 13:24:22 2017
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
>>

# 2 Here is smy freshclam.conf output (because someone suggested to replace
XY with my country code BG (for Bulgaria) in the database mirror section. I
don't know why and where). The freshclam.confis given between the quotes <<
>> :
<<
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
SafeBrowsing Yes
>>

Again, couldn't someone who understands this write a step-by-step article
with explanations on how to download databases and update mirrors manually?

Best regards,
George
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] How to download and update main.cvd and daily.cvd manually AND mirrors

2017-12-14 Thread George
Hi Tom,

Please find the freshclam.log output between quotes << >> (I deleted
repetitions):
<<
ClamAV update process started at Sun Dec 10 10:23:01 2017
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): Sun Dec 10 10:23:01 2017 -> WARNING: Can't
get information about db.local.clamav.net: Temporary failure in name
resolution
WARNING: Can't read main.cvd header from db.local.clamav.net (IP: )
Trying again in 5 secs...
...
Received signal: wake up
ClamAV update process started at Sun Dec 10 13:24:22 2017
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
>>

I do not see where to replace XY with my country code in the database
mirror section. Where is this?
Which settings in the freshclam.conf file do you mean? Find below my
freshclm.conf contents:
<<
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
SafeBrowsing Yes
>>

Best regards,
George

2017-12-13 21:17 GMT+02:00 Thomas McCourt (tmccourt) :

> Hey George,
>
> What does your freshclam.log file say?  Any errors generating when you
> download via freshclam?
> Replace XY with your country code in the below database mirror section.
> You could look at the freshclam.conf file and make sure you have the below
> settings:
>
> # Uncomment the following line and replace XY with your country
> # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
> # You can use db.XY.ipv6.clamav.net for IPv6 connections.
> DatabaseMirror db.XY.clamav.net
>
> # database.clamav.net is a round-robin record which points to our most
> # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
> # not working. DO NOT TOUCH the following line unless you know what you
> # are doing.
> DatabaseMirror database.clamav.net
>
>
>
>
> IF you have having issues with the mirrors themselves, delete your
> mirror.dat file, and run a freshclam again to see if that helps.
>
>
> Thanks,
>
>
> Tom M
>
>
>
> On 12/13/17, 2:07 PM, "clamav-users on behalf of George" <
> clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com>
> wrote:
>
> >Dear All,
> >
> >I need help to download and update main.cvd and daily.cvd manually AND
> >mirrors. I tried:
> >
> >wget database.clamav.net/main.cvd
> >sudo cp main.cvd /var/lib/clamav
> >wget database.clamav.net/main.cvd
> >sudo cp daily.cvd /var/lib/clamav
> >
> >It didn't work. I am still getting the message that my database is more
> >than 7 days old. I know that this might be wrong, but why did no one
> >addressed the issue? I've seen a lot of requests lately.
> >I have also been suggested to look for another mirrors. But how and where
> >to look for them. Coouldn't someone who understands this write an article?
> >
> >Best regards,
> >George
> >___
> >clamav-users mailing list
> >clamav-users@lists.clamav.net
> >http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> >Help us build a comprehensive ClamAV guide:
> >https://github.com/vrtadmin/clamav-faq
> >
> >http://www.clamav.net/contact.html#ml
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] How to download and update main.cvd and daily.cvd manually AND mirrors

2017-12-13 Thread George
Dear All,

I need help to download and update main.cvd and daily.cvd manually AND
mirrors. I tried:

wget database.clamav.net/main.cvd
sudo cp main.cvd /var/lib/clamav
wget database.clamav.net/main.cvd
sudo cp daily.cvd /var/lib/clamav

It didn't work. I am still getting the message that my database is more
than 7 days old. I know that this might be wrong, but why did no one
addressed the issue? I've seen a lot of requests lately.
I have also been suggested to look for another mirrors. But how and where
to look for them. Coouldn't someone who understands this write an article?

Best regards,
George
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] (no subject)

2017-12-06 Thread George
Thanks, but this doesn't update the daily.cvd. Should I wait for you to fix
the mirros or can I do something myself? Sorry for bothering you, but if
there was some guide on what to do in such cases, I would use it myself.

Best regards,
George

2017-12-06 18:32 GMT+02:00 Thomas McCourt (tmccourt) :

> Hello,
>
> Yeah, run the wget command
>
> Wget database.clamav.net/main.cvd
> That should download it
>
>
> Thanks,
>
>
> Tom
>
>
>
>
>
> On 12/6/17, 11:18 AM, "clamav-users on behalf of George" <
> clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com>
> wrote:
>
> >wget
> >database.clamav.net/main.cvd'
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] (no subject)

2017-12-06 Thread George
Hi Tom,

Thanks for this timely reply. Could you provide a solution or link to
update the database by myself?

Best regards,
George


2017-12-06 16:57 GMT+02:00 Thomas McCourt (tmccourt) :

> Hello George,
>
> I will look into those mirrors to see if they are down. IF a mirror is not
> working, it should look to find another one. You could also try 'wget
> database.clamav.net/main.cvd'
> To see if it manually downloads it that way, then drop the file in the
> location
>
>
> We have been working hard to correct a lot of mirror issues, but as you
> can see- we still have a long way to go to make mirrors work better.
> It is my hope that I can get the mirrors more stable for everyone moving
> forward.
>
>
> Thank you,
>
>
> Tom M
>
>
>
>
> On 12/6/17, 7:14 AM, "clamav-users on behalf of George" <
> clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com>
> wrote:
>
> >Dear All,
> >
> >How do I update my ClamAV database? I can provide the following details
> >regarding my problem:
> >1. I run ClamAV 0.99.2/24010;
> >2. After starting clamscan, I get "The virus database is older than 7
> days!
> >Please update it as soon as possible."
> >3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to
> >manually update the ClamAV database, however;
> >4. The following error keeps repeating:
> >
> >Retrieving http://db.local.clamav.net/daily-24011.cdiff
> >Ignoring mirror 193.92.150.194 (due to previous errors)
> >Ignoring mirror 193.92.150.194 (due to previous errors)
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >...
> >Giving up on database.clamav.net...
> >
> >5. So I restarted the ClamAV daemon:
> >user@virus:~$ sudo /etc/init.d/clamav-freshclam start
> >[ ok ] Starting clamav-freshclam (via systemctl):
> clamav-freshclam.service.
> >
> >After reading the documentation (https://www.clamav.net/documents/) and
> the
> >Archives and finding no solution, I decided to ask the community.
> >Please find attached the full Clamscan error log and my trial to update
> the
> >database manually. Please find the log output below (between #START and
> >#END). Thanks in advance.
> >
> >Best regards,
> >George
> >
>
>I deleted the rest of the message
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[clamav-users] (no subject)

2017-12-06 Thread George
Dear All,

How do I update my ClamAV database? I can provide the following details
regarding my problem:
1. I run ClamAV 0.99.2/24010;
2. After starting clamscan, I get "The virus database is older than 7 days!
Please update it as soon as possible."
3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to
manually update the ClamAV database, however;
4. The following error keeps repeating:

Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
...
Giving up on database.clamav.net...

5. So I restarted the ClamAV daemon:
user@virus:~$ sudo /etc/init.d/clamav-freshclam start
[ ok ] Starting clamav-freshclam (via systemctl): clamav-freshclam.service.

After reading the documentation (https://www.clamav.net/documents/) and the
Archives and finding no solution, I decided to ask the community.
Please find attached the full Clamscan error log and my trial to update the
database manually. Please find the log output below (between #START and
#END). Thanks in advance.

Best regards,
George

#START
user@virus:~$ freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
user@virus:~$ man clamscan
user@virus:~$ clamscan -r --max-filesize=5 -i --remove /home/user
LibClamAV Warning: **
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.***
LibClamAV Warning: **

--- SCAN SUMMARY ---
Known viruses: 9515915
Engine version: 0.99.2
Scanned directories: 9277
Scanned files: 73380
Infected files: 0
Total errors: 2
Data scanned: 0.00 MB
Data read: 44128.53 MB (ratio 0.00:1)
Time: 324.804 sec (5 m 24 s)
user@virus:~$ sudo /etc/init.d/clamav-freshclam stop
[sudo] password for user:
[ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.
user@virus:~$ freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
user@virus:~$ sudo freshclam -v
Current working dir is /var/lib/clamav
Max retries == 5
ClamAV update process started at Tue Nov 21 11:07:07 2017
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1748
Software version from DNS: 0.99.2
main.cvd version from DNS: 58
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
daily.cvd version from DNS: 24059
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 193.92.150.194 (due to previous errors)
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
ClamAV update process started at Tue Nov 21 11:07:18 2017
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1736
Software version from DNS: 0.99.2
main.cvd version from DNS: 58
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
daily.cvd version from DNS: 24059
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNIN

Re: [clamav-users] daily.cvd update issue.

2011-07-20 Thread George Kasica
On 7/19/2011 4:02 PM, Dennis Peterson wrote:
> 
> In my opinion, if twitter is a requirement for using ClamAV then
> this project is doomed. I don't see our 'business' endorsing our NOC 
> playing with twitter as part of the job.

There is ZERO chance of that getting allowed here. If this becomes a true 
requirement to use clamav then we need to start looking for a replacement 
for the 200+ Linux instances that are running. They are less then happy to 
see a GPL/Free product out there now, become less happy when it went to 
rsync to MANY foreign (Non-US) sites (used in a more or less random style 
for the updates), this would just about put the nail in the coffin for it 
here.

Please say that this is NOT happening, I really don't want to re-engineer 
a solution because someone decides they like a social media tool for 
support. It was hard enough getting the email lists allowed after 3 years 
on my internal mail vs. home email.

___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6491(work) 
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * 
george_kas...@mgic.com or kasica_pa...@mgic.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Upcoming release of ClamAV

2010-10-20 Thread George Kasica
Tomasz:

As requested - 

RHEL4 
==
./configure && make check

configure: Summary of detected features follows
  OS  : linux-gnu
  pthreads: yes (-lpthread)
configure: Summary of miscellaneous  features
  check   : no (auto)
  clamuko : yes
  fdpassing   : 1
  IPv6: yes
configure: Summary of optional tools
  clamdtop: -lncurses (auto)
  milter  : yes (disabled)
configure: Summary of engine performance features)
  release mode: yes
  jit : no (auto)
  mempool : yes
configure: Summary of engine detection features
  autoit_ea06 : yes
  bzip2   : ok
  zlib: /usr/local
  unrar   : yes

SKIP: check_clamav
PASS: check_freshclam.sh
PASS: check_sigtool.sh
SKIP: check_unit_vg.sh
FAIL: check1_clamscan.sh
FAIL: check2_clamd.sh
PASS: check3_clamd.sh
FAIL: check4_clamd.sh
SKIP: check5_clamd_vg.sh
SKIP: check6_clamd_vg.sh
SKIP: check7_clamd_hg.sh
SKIP: check8_clamd_hg.sh
SKIP: check9_clamscan_vg.sh

RHEL5
===
./configure && make check

configure: Summary of detected features follows
  OS  : linux-gnu
  pthreads: yes (-lpthread)
configure: Summary of miscellaneous  features
  check   : no (auto)
  clamuko : yes
  fdpassing   : 1
  IPv6: yes
configure: Summary of optional tools
  clamdtop:  (auto)
  milter  : yes (disabled)
configure: Summary of engine performance features)
  release mode: yes
  jit : yes (auto)
  mempool : yes
configure: Summary of engine detection features
  autoit_ea06 : yes
  bzip2   : ok
  zlib: /usr/local
  unrar   : yes

SKIP: check_clamav
PASS: check_freshclam.sh
PASS: check_sigtool.sh
SKIP: check_unit_vg.sh
FAIL: check1_clamscan.sh
FAIL: check2_clamd.sh
PASS: check3_clamd.sh
FAIL: check4_clamd.sh
SKIP: check5_clamd_vg.sh
SKIP: check6_clamd_vg.sh
SKIP: check7_clamd_hg.sh
SKIP: check8_clamd_hg.sh
SKIP: check9_clamscan_vg.sh

___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6491(work) 
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * 
george_kas...@mgic.com or kasica_pa...@mgic.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.




From:
Tomasz Kojm 
To:
ClamAV users ML , ClamAV Development 

Date:
10/19/2010 09:23
Subject:
[Clamav-users] Upcoming release of ClamAV
Sent by:
clamav-users-boun...@lists.clamav.net



Dear Users,

we're going to release a new version of ClamAV on Monday, October 25.
ClamAV 0.96.4 will fix some issues with the PDF parser, logical
signatures and other problems reported for 0.96.3:

https://wwws.clamav.net/bugzilla/buglist.cgi?resolution=FIXED&query_format=advanced&bug_status=RESOLVED&product=ClamAV&target_milestone=0.96.4


You can help by testing (or just running ./configure && make check) the
latest code available in our Git repository - the latest snapshot
tarball can be grabbed here:

http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz


Thanks in advance,

-- 
   oo. Tomasz Kojm 
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 16:21:33 CEST 2010
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
Edwin:

I've been around the 'net quite some time (1983), please excuse me if I'm 
expecting too  much.

I think releasing the clamav item before there were bzip2 libraries out 
there to compile against for major distros (Fedora Core 13, RHEL4 and 
RHEL5 are not small install bases) and many if not most run the RPM builds 
(not tar.gz compiles) in a business setting for control in a large 
environment was probably not a great idea - though I understand you can't 
control the distro vendors I do know you can work with them on security 
issues, its done by other vendors all the time and they can get RPMs out 
quickly in cases like this.
For example the bzip2 RPMs for Red Hat came out about 430pm (you released 
0.96.3 at 17:09 CEST  about 11am Chicago time USA) leaving alot of folks 
wondering what to do about bzip2 RPMs on the day you released clamav...if 
you had waited even 6 hours or so or contacted Red Hat alot of pain would 
have been avoided(similar story for other vendors I'm sure they all have 
security areas and contacts and most are pretty eager to assist). And as 
far as upgrade notes on the web site there's nothing out there at all 
about upgrading/updating bzip2 components...I just looked it says under 
0.96.3 Upgrade Notes "Known Issues and Workarounds - None yet."
Guys, I'm not trying to pick a fight here, but this isn't the first time a 
release of clamav has gone a little sideways in the last 12 months or 
soand I realize that there is a free vs. commercial product provided 
by Sourcefire. We would be happy to go with the latter but its not 
available for the platform we're on and we were told if you are willing to 
help out by running a test build platform on the OS you need it to run on 
things will go smoother after the last set of issues that occurred, so we 
have been. Yet, here we are again with the last 2 releases having issues 
either with JIT copiler/llvm or now this type of thing(bzip libraries, 
etc). I'll admit our info security folks are picky but we have to live 
with that here. 

We're not running a home based server here, this is a production 
environment that serves near to over 1 million emails a day and clamav is 
running in the core of that process as well as on near 50 other linux 
hosts to scan for virus issues on a routine basis as well.

What can we on a sytem admin end do to help this process in the future 
because frankly I'm at a loss, I'm not (and have no desire to be) a 
programmer hacking code. 

In any case its a past event and something to keep in mind next time 
probably.

Thanks for the fish,

George

___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6491(work) 
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * 
george_kas...@mgic.com or kasica_pa...@mgic.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.




From:
Török Edwin 
To:
ClamAV users ML 
Cc:
george_kas...@mgic.com
Date:
09/22/2010 11:23
Subject:
Re: [Clamav-users] What ever happened to the Release Candidate for 
0.96.3??
Sent by:
clamav-users-boun...@lists.clamav.net



On Wed, 22 Sep 2010 10:14:57 -0500
George Kasica  wrote:

> Tomaz:
> 
> Typical issues as in the past...first no clue it was coming out(no
> release candidate no announcement)...it just appeared, no idea it
> would have issues with bzip2

There is a problem with security updates and release candidates (or
announcements):
 - we can release only after the vulnerability is disclosed (in case of
   3rdparty libraries)
 - we were watching upstream bzip2 to release, and released soon after
   that, we didn't have a reliable release date in advance
 - we could have told you that we are preparing a new version to fix the
   bzip2 vulnerability, but we couldn't release an RC with the bzip2
   fix included (since that would've disclosed the vulnerability prior
   to upstream having a fix)
 - even if we were able to provide an RC, it would have told you that
   your bzip2 is buggy and you need to upgrade. That would have
   caused even more confusion, since there was no new
   upstream bzip2 version with the fix.

Considering all this, do you think it would be useful to provide
advance warning about a new security fix release in the future?

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml




Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
Edwin:

Then you need to look at the tests, something isn't making it...the stuff 
build but there were errors/warnings at the end of configure about bzip2 
and Don't rely on this build, etc. Also ULIMIT complaints. 

If you're just looking at little green lights on a web page we have a 
serious problem


___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6491(work) 
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * 
george_kas...@mgic.com or kasica_pa...@mgic.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.




From:
Török Edwin 
To:
ClamAV users ML 
Cc:
george_kas...@mgic.com
Date:
09/22/2010 10:13
Subject:
Re: [Clamav-users] What ever happened to the Release Candidate for 
0.96.3??
Sent by:
clamav-users-boun...@lists.clamav.net



On Wed, 22 Sep 2010 09:56:18 -0500
George Kasica  wrote:

> All I can ask after messing with 50+ boxes here to get 0.96.3 running
> is hat ever happened to the RELEASE CANDIDATE for 0.96.3it would
> have sure helped to see that announcement and get a trial run at it.
> 
> This is NOT the first time we've had bumpy releases in the last year
> and we're donating cycles on 4 machines here to run the nightly build
> cycles for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic
> Caldera Linus based boxwith this many issues on RHEL4/RHEL5 and
> Fedora core 13 on our end why are we bothering to do thisit seems
> like we're running tests, submitting results and  no-one is even
> looking at the output.

What kind of issues did you encounter? 
If it is something that can be automatically detected, we should add it
to our testsuite.

All the farm reports I see from author == georgek for september are
green.
We'll probably have to add more tests to detect the issues you
encountered.

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
Tomaz:

Typical issues as in the past...first no clue it was coming out(no release 
candidate no announcement)...it just appeared, no idea it would have 
issues with bzip2, and STILL no fix to bzip2 RPMs for the Fedora Core 13 
platform (we had to compile from a tar.gz for the others) except RHEL4/5 
that have RPMs out (AFTER 0.96.3 released), the ULIMIT issue that I still 
don't fully grasp here and am still not clear if its something we need to 
deal withthings seem to run so for now we haven't gone in and touched 
it(again, this wasn't an issue in 0.96.2 why is it an issue in 0.96.3 
which appears to be a minor release 0.0.1)

In our environment we have certain time-frames where we need to apply code 
once its released depending on what and why it was put out so we don't 
always have the luxury to let it sit for days...getting code that is not 
labeled as RC and is supposedly prod quality and ready to go and having 
these issues is not good...we've spend a good portion of the week on this 
so far and seem to be finally OK, but it could have been much smoother 
(again)brings me back to the point of why are we running these 4 test 
harness boxes for Torok if no-one is looking at what is coming back from 
them.

George
_______
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6491(work) 
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * 
george_kas...@mgic.com or kasica_pa...@mgic.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.




From:
Tomasz Kojm 
To:
ClamAV users ML 
Date:
09/22/2010 09:57
Subject:
Re: [Clamav-users] What ever happened to the Release Candidate for 
0.96.3??
Sent by:
clamav-users-boun...@lists.clamav.net



On Wed, 22 Sep 2010 09:56:18 -0500 George Kasica
 wrote:
> All I can ask after messing with 50+ boxes here to get 0.96.3 running is 

> hat ever happened to the RELEASE CANDIDATE for 0.96.3it would have 
> sure helped to see that announcement and get a trial run at it.
> 
> This is NOT the first time we've had bumpy releases in the last year and 

> we're donating cycles on 4 machines here to run the nightly build cycles 

> for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic Caldera 
> Linus based boxwith this many issues on RHEL4/RHEL5 and Fedora core 
13 
> on our end why are we bothering to do thisit seems like we're 
running 
> tests, submitting results and  no-one is even looking at the output.
> 
> Just my 2 cents from out here

Could you elaborate more on the problems you were facing with 0.96.3?

-- 
   oo. Tomasz Kojm 
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Sep 22 16:57:02 CEST 2010
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread George Kasica
All I can ask after messing with 50+ boxes here to get 0.96.3 running is 
hat ever happened to the RELEASE CANDIDATE for 0.96.3it would have 
sure helped to see that announcement and get a trial run at it.

This is NOT the first time we've had bumpy releases in the last year and 
we're donating cycles on 4 machines here to run the nightly build cycles 
for 4 distros - RHEL4, RHEL5, Fedora Core 13 and older Generic Caldera 
Linus based boxwith this many issues on RHEL4/RHEL5 and Fedora core 13 
on our end why are we bothering to do thisit seems like we're running 
tests, submitting results and  no-one is even looking at the output.

Just my 2 cents from out here
___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6491(work) 
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * 
george_kas...@mgic.com or kasica_pa...@mgic.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.




From:
Nathan Gibbs 
To:
ClamAV users ML 
Date:
09/22/2010 09:03
Subject:
Re: [Clamav-users] VirusAction Question
Sent by:
clamav-users-boun...@lists.clamav.net



* Dennis Peterson wrote:
> On 9/21/10 9:55 PM, Nathan Gibbs wrote:
>> 
>> Now will the REAL C CODERS PLEASE STAND UP! Do it right and show me how 

>> its done. Better yet, just do it right the first time, and I won't say 
a 
>> thing.
> 
> Got your ECR submitted? Has change board seen it, approved it, and 
slotted 
> it in the priorities chart? Is it at the top of the chart? Got your 
design 
> documents done, identified your metrics for success? Got your functional 

> tests designed and approved?
> 

Very good points, all of them, which is why I have said and continue to 
say
that I don't know what I'm doing.

> You've coded it so we assume the above is completed. What are the 
chances 
> you've done regression testing in all supported environments using all 
> supported compilers?

As stated, I don't know what I'm doing.

> Subjected your code for peer review?

Done last night.
http://www.cmpublishers.com/oss/clamfi.c

> Has QA signed off on it?

That would be amazing, but I highly doubt that the Quality of my butcher 
work
would stand.

> Is your confidence level sufficiently high that you are willing to put 
your
> code out for the public's consumption

As stated, Already did.

> and you are ready to support it if it breaks stuff?
> 

0.94.x thats all I'm going to say there.
I understand the why, but will never agree with how it was done.
If sourcefire can blow up ClamAV installations all over the world, why 
should
I worry about my code doing the same thing?

Breakage is a long way off, due to the skill required to get my code into 
your
clamav source.  Some people could do it, but not everybody.

> If coding were easy anyone could do it, and you've shown it is and 
anyone 
> can for very simple projects. That's just the beginning.
> 

Precisely my point.
Should I be doing these mods? NO, Absolutely not!
Are they that difficult to implement? Apparently not.
They should be implemented by someone with far more experience than 
myself.

Last night when I decided to "just for fun" see if I could get the milter 
to
do what I wanted.  I thought it would end with me erasing my mangled and
nonworking source and unpacking a fresh source from the tarball.  I 
thought I
would fail miserably.  Imagine my surprise when it worked, especially when 
you
consider that I don't understand half of that code.  Now imagine my 
thoughts
about a development team backed by a company that won't implement this.

Those guys could do this better than me any day of the week.  They could 
code
circles around me, but so far they won't.  what does that tell you?


-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com


[attachment "signature.asc" deleted by George Kasica/MGIC] 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems

2010-08-18 Thread George Kasica
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2225
___
George R. Kasica | Systems Analyst – Technical Services | Mortgage 
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6491(work) 
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | * 
george_kas...@mgic.com or kasica_pa...@mgic.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.




From:
Török Edvin 
To:
ClamAV users ML 
Date:
08/18/2010 12:06
Subject:
Re: [Clamav-users] 0.96.2 freezing with sane security update script on one 
of 2 linux systems
Sent by:
clamav-users-boun...@lists.clamav.net



Your debug shows that the bytecode selftest failed in JIT mode (with llvm)
The selftest runs always, so it shouldn't matter what db you load, or what
file you scan.Please open bug. Also it should timeout after 1m.

-- sent from mobile, sorry if it gets top posted

On Aug 18, 2010 5:41 PM, "George R. Kasica"  wrote:

>On Wed, 18 Aug 2010 14:25:38 +0100, you wrote:

>> OK. Here's debug AND the fix at least from my so...
Fails with anything, text binary whatever as far as I can tell as long
as llvm is on. Turn it off and all is happy.

George

___
Help us build a comprehensive ClamAV guide: visit ht...
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems

2010-08-18 Thread George R . Kasica
>On Wed, 18 Aug 2010 14:25:38 +0100, you wrote:

>> OK. Here's debug AND the fix at least from my solution:
>>
>> Recompiled with
>>
>> ./configure --disable-llvm
>> make
>> make install
>
>Thanks for reporting back.. it's odd though, as the test file you are
>scanning is only a small ascii file out of interest does the same
>thing happen with llvm enabled and one of the other database files -or-
>does it ONLY fail with the junk.ndb file?
>
>Over to edwin though ;)
Fails with anything, text binary whatever as far as I can tell as long
as llvm is on. Turn it off and all is happy.

George
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems

2010-08-18 Thread George R . Kasica
NCODED: On
LibClamAV debug:* Submodule SCRENC: On
LibClamAV debug:* Submodule   RIFF: On
LibClamAV debug:* Submodule   JPEG: On
LibClamAV debug:* SubmoduleCRYPTFF: On
LibClamAV debug:* SubmoduleDLP: On
LibClamAV debug:* Submodule  MYDOOMLOG: On
LibClamAV debug:* Submodule PREFILTERING:   On
LibClamAV debug: Module PHISHING On
LibClamAV debug:* Submodule ENGINE: On
LibClamAV debug:* SubmoduleENTCONV: On
LibClamAV debug: Module BYTECODE On
LibClamAV debug:* Submodule INTERPRETER:On
LibClamAV debug:* SubmoduleJIT X86: On
LibClamAV debug:* SubmoduleJIT PPC: On
LibClamAV debug:* SubmoduleJIT ARM: ** Off **
LibClamAV debug: environment detected:
LibClamAV debug: check_platform(0x0a113636, 0x0400, 0x00040202)
LibClamAV debug: check_platform(0x0a  1  1  36  36,0x0  4   00 00
00,0x0004 02 02)
LibClamAV debug: check_platform( OS CPU COM FL DCONF,BE PTR CXX
VV.VV.VV, FLG CC VV.VV.VV)
LibClamAV debug: Engine version: 0.96.2
LibClamAV debug: Host triple: 
LibClamAV debug: Host CPU: 
LibClamAV debug: OS: Linux
LibClamAV debug: OS release: 2.6.23.12
LibClamAV debug: OS version: #1 SMP PREEMPT Sat Aug 29 07:29:36 CDT
2009
LibClamAV debug: OS hardware: i686
LibClamAV debug: OS LLVM category: 0
LibClamAV debug: Has JIT compiled: 0
LibClamAV debug:
--
LibClamAV debug: Bytecode: mode is 0
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 74
LibClamAV debug: unknown inst type: 89
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 41 BBs, 176 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode: BC_STARTUP running (builtin)
LibClamAV debug: Bytecode: executing in interpeter mode
LibClamAV debug: bytecode: registered ctx variable at (nil) (+0) id 6
LibClamAV debug: bytecode: registered ctx variable at 0xb7f53780 (+2)
id 2
LibClamAV debug: bytecode: registered ctx variable at 0xb7f40f80
(+256) id 1
LibClamAV debug: bytecode: registered ctx variable at 0xb7f53784 (+4)
id 5
LibClamAV debug: bytecode: registered ctx variable at 0xb7f537a0
(+648) id 4
LibClamAV debug: bytecode: registered ctx variable at 0x805f488 (+512)
id 7
LibClamAV debug: bytecode debug: startup: bytecode execution in auto
mode
LibClamAV debug: intepreter bytecode run finished in 72us, after
executing 96 opcodes
LibClamAV debug: Bytecode: disable status is 0
LibClamAV debug: bytecode: JIT disabled
LibClamAV debug: JIT not compiled in
LibClamAV debug: Bytecode: 0 bytecode prepared with JIT, 0 prepared
with interpreter, 0 failed
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: cache_check: a4c76df956da8678e98dc4b04d8e9f2d is
negative
LibClamAV debug: Recognized ASCII text
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: in cli_scanscript()
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: cache_add: a4c76df956da8678e98dc4b04d8e9f2d (level 0)
LibClamAV debug: cli_magic_scandesc: returning 0  at line 2381
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems

2010-08-18 Thread George R . Kasica
>On Wed, 18 Aug 2010 10:48:35 +0300, you wrote:

>On Tue, 17 Aug 2010 23:46:22 -0500
>George R. Kasica  wrote:
>
>> Not sure of the cause both are configured and built the same
>> 
>> ./configure
>> make 
>> make install
>> 
>> for clam 0.96.2
>> 
>> Here is what the frozen machine will show - three hung scans for one
>> of the sane security databases - this was NOT a problem with 0.96.1.
>> 
>> If left to sit it will sit forever.
>
>Can you run it with --debug to see where it hangs?
>Then open a bugreport please (and attach junk.ndb).

Not really sure how to do this as I didn't write the script thats
running the update.and have no idea where or how I'd modify that
codewould I just run that from a command line or what??

George
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] 0.96.2 freezing with sane security update script on one of 2 linux systems

2010-08-17 Thread George R . Kasica
Not sure of the cause both are configured and built the same

./configure
make 
make install

for clam 0.96.2

Here is what the frozen machine will show - three hung scans for one
of the sane security databases - this was NOT a problem with 0.96.1.

If left to sit it will sit forever.

George



root 12756 12707  5 23:26 pts/300:00:00 clamscan --quiet -d
/usr/unofficial-dbs/ss-dbs/junk.ndb
/usr/unofficial-dbs/configs/scan-test.txt
root 12757 12756  0 23:26 pts/300:00:00 clamscan --quiet -d
/usr/unofficial-dbs/ss-dbs/junk.ndb
/usr/unofficial-dbs/configs/scan-test.txt
root 12758 12757  0 23:26 pts/300:00:00 clamscan --quiet -d
/usr/unofficial-dbs/ss-dbs/junk.ndb
/usr/unofficial-dbs/configs/scan-test.txt


[r...@eagle clamav]# /usr/sbin/clamav-unofficial-sigs.sh 
 
==
Sanesecurity Database & GPG Signature File Updates
==
 
Sanesecurity mirror site used: sane.helljert.de 178.63.197.162
 
Number of files: 28
Number of files transferred: 4
Total file size: 20800355 bytes
Total transferred file size: 8433576 bytes
Literal data: 502554 bytes
Matched data: 7931022 bytes
File list size: 871
File list generation time: 0.280 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 22754
Total bytes received: 112252
 
sent 22754 bytes  received 112252 bytes  24546.55 bytes/sec
total size is 20800355  speedup is 154.07
 
Testing updated Sanesecurity database file: junk.ndb
Sanesecurity GPG Signature tested good on junk.ndb database
 
Aug 17 23:26:03 INFO - Sanesecurity mirror site used: sane.helljert.de
178.63.197.162
Aug 17 23:26:08 INFO - Testing updated Sanesecurity database file:
junk.ndb
Aug 17 23:26:08 INFO - Sanesecurity GPG Signature tested good on
junk.ndb database
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Compile problem with 0.96.1

2010-06-12 Thread George R . Kasica
>On Sat, 12 Jun 2010 11:27:26 +0100, you wrote:

>On Fri, Jun 11, 2010 at 11:24:17PM -0500, George R. Kasica said:
>> Have successfully run 0.96 here with just using
>> 
>> ./configure
>> make
>> make install
>> 
>> But in 0.96.1
>> 
>> I'm failing the make with
>> 
>>   CCLD   sigtool
>> make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/sigtool'
>> Making all in clamconf
>> make[2]: Entering directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf'
>>   CC optparser.o
>>   CC getopt.o
>>   CC misc.o
>>   CC clamconf.o
>>   CCLD   clamconf
>> clamconf.o: In function `print_platform':
>> /mnt/scsi-1/Linux/clamav-0.96.1/clamconf/clamconf.c:255: undefined
>> reference to `zlibCompileFlags'
>> collect2: ld returned 1 exit status
>> make[2]: *** [clamconf] Error 1
>> make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1'
>> make: *** [all] Error 2
>
>Something wrong with zlib install?  Can you send a link to your
>config.log?

older version did exist in /usr/lib newer version 1.23 was in
/usr/local/lib. 
I removed the older version it and reran the 

./configure
make

and it failed again...looked and notice the "regular" make of zlib
doesn't create shared library you need to build zlib with the
configure -s option.

might be work a note in the clamav docs.

building zlib with the 

configure -s
make make install

got the correct libraries for clam

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] Compile problem with 0.96.1

2010-06-11 Thread George R . Kasica
Have successfully run 0.96 here with just using

./configure
make
make install

But in 0.96.1

I'm failing the make with

  CCLD   sigtool
make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/sigtool'
Making all in clamconf
make[2]: Entering directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf'
  CC optparser.o
  CC getopt.o
  CC misc.o
  CC clamconf.o
  CCLD   clamconf
clamconf.o: In function `print_platform':
/mnt/scsi-1/Linux/clamav-0.96.1/clamconf/clamconf.c:255: undefined
reference to `zlibCompileFlags'
collect2: ld returned 1 exit status
make[2]: *** [clamconf] Error 1
make[2]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1/clamconf'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/mnt/scsi-1/Linux/clamav-0.96.1'
make: *** [all] Error 2


uname -m = i686
uname -r = 2.6.23.12
uname -s = Linux
uname -v = #1 SMP PREEMPT Sat Aug 29 07:29:36 CDT 2009

GCC 4.2.2

I'm no where near a C programmer ao if someone can help me out here
I'd appreciate it.

Also files as https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2072

-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] DNS Warning also showing up now on 0.95.3

2010-04-08 Thread George R . Kasica
>On Thu, 8 Apr 2010 08:49:48 +0200, you wrote:

>
>Hello,
> 
>> > This is not an acceptable solution here for us...we have over 50
>> > machines and several scripts on each that will need updating...what
>> > exactly is broken here...I'm seeing this error in the 0.95.3 version
>> > as well so it has NOTHING to do with 0.96
>> One of our DNS servers (ns5.clamav.net specifically) is acting up. 
>> That's why you see the error only occasionally, the other DNS servers 
>> are working fine.
>> 
>> I'm working on the problem.
>
>Problem should be solved.
>
Looks good again here thank you very much!

George

-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] DNS Warning also showing up now on 0.95.3

2010-04-07 Thread George R . Kasica
>> Datum: Wed, 07 Apr 2010 16:52:13 -0700
>> Von: Chuck Swiger 
>> An: ClamAV users ML 
>> Betreff: Re: [Clamav-users] Version 0.96: WARNING: DNS record is older than  
>> 3 hours.
>
>> Hi--
>> 
>> On Apr 7, 2010, at 4:43 PM, Markus Egg wrote:
>> > I solved it:
>> > in my /etc/freshclam.conf there was still
>> > #DatabaseMirror db.XY.clamav.net
>> > obviously freshclam then takes a default server
>> > ( database.clamav.net ?)
>> > which has no DST and therefore the 
>> > "DNS record is older than 3 hours." message.
>> > 
>> > Putting 
>> > DatabaseMirror db.AT.clamav.net
>> > into the config file solved the issue.
>> 
>> This is surprising to me.  I would have assumed that freshclam and the DNS
>> record checking should all be done in UTC/GMT and not in the local
>> timezone.
>> 
>> What platform are you running, and does the system clock you use run in
>> GMT with /etc/localtime pointing to the appropriate TZ zoneinfo file, or
>> whatever the appropriate convention is for setting up time correctly?
>
>Actually after some trials it does not solve the problem.
>Obviously it was just some coincidence and I get the error again even
>with
>DatabaseMirror db.at.clamav.net
>or
>DatabaseMirror db.de.clamav.net
>:-(
>I'll use 
>freshclam --no-dns

This is not an acceptable solution here for us...we have over 50
machines and several scripts on each that will need updating...what
exactly is broken here...I'm seeing this error in the 0.95.3 version
as well so it has NOTHING to do with 0.96

0.95.3 was working just fine and with no changes on this end is now
broken...

]# freshclam --version
ClamAV 0.95.3/10714/Wed Apr  7 15:27:00 2010
[r...@saturn ~]# freshclam  
ClamAV update process started at Wed Apr  7 19:24:28 2010
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): Trying host db.us.clamav.net
(209.222.131.222)...
OK (IMS)
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44,
builder: sven)
Reading CVD header (daily.cvd): WARNING: Can't read daily.cvd header
from db.us.clamav.net (IP: 209.222.131.222)
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] 0.96rc1 LibClamAV Warning: JIT not compiled in

2010-03-13 Thread George R . Kasica
>On Fri, 12 Mar 2010 23:32:19 +0200, you wrote:

>On 03/12/2010 10:46 PM, George R. Kasica wrote:
>> We've compiled and are running here as well with Red Hat EL4 (gcc
>> 3.4.6-11.el4_8.1) and Red Hat EL5 (gcc 4.1.2-46.el5_4.2) both of which
>> are the latest released versions of gcc from Red Had RPMs and are
>> seeing the same JIT failures...how new are you expecting the gcc to
>> be? 
>
>Minimum 4.1.3.
>4.1.2 is listed as a broken version here (although not exactly the
>version you have, -42 is listed, you have -46)
>http://llvm.org/docs/GettingStarted.html#brokengcc
>
>You can try to use --enable-llvm (it will ignore the gcc version then),
>and see if make check passes.
>If so let me know to automatically enable the JIT on that compiler version.
>
>There is a 4.4.0 gcc available for RHEL5 too that works.
>
>> 
>> There's no way that our environment is going to be able to put
>> something newer out than what is released by the Distro
>> vendor.that it falls back to another mode is fine, but there's an
>> awful lot of RHEL5 out there that I'm betting is running that rev of
>> gcc that will see this error.
>
>That warning will be downgraded to a debug message.


Neither will compile cleanly with the --enable-llvm switch, both fail
make on RH EL4 and RH EL5 shown above.

George
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] ***** SPAM ***** ***** SPAM ***** Re: 0.96rc1 LibClamAV Warning: JIT not compiled in

2010-03-12 Thread George R . Kasica
We've compiled and are running here as well with Red Hat EL4 (gcc
3.4.6-11.el4_8.1) and Red Hat EL5 (gcc 4.1.2-46.el5_4.2) both of which
are the latest released versions of gcc from Red Had RPMs and are
seeing the same JIT failures...how new are you expecting the gcc to
be? 

There's no way that our environment is going to be able to put
something newer out than what is released by the Distro
vendor.that it falls back to another mode is fine, but there's an
awful lot of RHEL5 out there that I'm betting is running that rev of
gcc that will see this error.

George


>On Thu, 11 Mar 2010 11:42:51 -0600, you wrote:

>I installed clam 0.96rc1 on a FreeBSD 5.3 test server.  "make" 
>seemed to run normally.
>
>When I scan any file with clamscan, I get:
># clamscan /etc/motd
>LibClamAV Warning: JIT not compiled in
>/etc/motd: OK
>
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Thoughts on software QA Testing (or lack thereof...)

2009-11-05 Thread George R . Kasica
>We're currently investigating the possibility of using the OpenSUSE
>build service to test the next ClamAV release on multiple Linux
>distributions, including many old ones:
>openSUSE 11.x, SLES/SLED 9/10/11, Fedora 10/11, RHEL 4/5, CentOS 5,
>Mandriva 2009, xUbuntu 6.06/8.04/8.10/9.04

OK...I'm not going to debate "old" vs. "new" here but I'm fairly sure
the installed base of Fedora Core 10 and RHEL4 and Solaris 9 which are
all actively supported by the various Vendors/groups would disagree
with your assessment as would alot of businesses that are running them
in a day to day production setting for front line work. 

Frankly, Don't think I would be able to get a "new" OS such as FC-11
or RHEL5 OK 'd to go into production at our company due to lack of
sufficient background from a security standpoint etc.

In any case, if you're looking for a test spot for FC10, Solaris 9,
RHEL4 I'd be happy to try to run some stuff here on a box - I'm not a
programmer but I can do basic things if given clear steps or test the
ability to at least get it to make etc in our QA/Test environment.

Let me know.

George
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] clamav 0.95.3 doesn't make on Fedora Core 10

2009-10-30 Thread George R . Kasica
>On Fri, 30 Oct 2009 22:45:08 -0500, you wrote:

>>On Fri, 30 Oct 2009 19:00:57 -0500, you wrote:
>
>>./configure runs fine but fails make here:
>>
>>/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>>-I..  -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL
>>-DSEARCH_LIBDIR=\"/usr/local/lib\" -g -O2 -fno-strict-aliasing -MT
>>libclamav_la-matcher-ac.lo -MD -MP -MF
>>.deps/libclamav_la-matcher-ac.Tpo -c -o libclamav_la-matcher-ac.lo
>>`test -f 'matcher-ac.c' || echo './'`matcher-ac.c
>>libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
>>-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
>>-O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF
>>.deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c  -fPIC -DPIC -o
>>.libs/libclamav_la-matcher-ac.o
>>libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
>>-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
>>-O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF
>>.deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c -o
>>libclamav_la-matcher-ac.o >/dev/null 2>&1
>>mv -f .deps/libclamav_la-matcher-ac.Tpo
>>.deps/libclamav_la-matcher-ac.Plo
>>/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>>-I..  -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL
>>-DSEARCH_LIBDIR=\"/usr/local/lib\" -g -O2 -fno-strict-aliasing -MT
>>libclamav_la-matcher-bm.lo -MD -MP -MF
>>.deps/libclamav_la-matcher-bm.Tpo -c -o libclamav_la-matcher-bm.lo
>>`test -f 'matcher-bm.c' || echo './'`matcher-bm.c
>>libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
>>-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
>>-O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF
>>.deps/libclamav_la-matcher-bm.Tpo -c matcher-bm.c  -fPIC -DPIC -o
>>.libs/libclamav_la-matcher-bm.o
>>In file included from matcher.h:28,
>> from others.h:21,
>> from matcher-bm.c:29:
>>others.h: In function ‘cli_getpagesize’:
>>others.h:363: error: ‘_SC_PAGESIZE’ undeclared (first use in this
>>function)
>>others.h:363: error: (Each undeclared identifier is reported only once
>>others.h:363: error: for each function it appears in.)
>>make[4]: *** [libclamav_la-matcher-bm.lo] Error 1
>>make[4]: Leaving directory
>>`/home2/Linux-Software/clamav-0.95.3/libclamav'
>>make[3]: *** [all-recursive] Error 1
>>make[3]: Leaving directory
>>`/home2/Linux-Software/clamav-0.95.3/libclamav'
>>make[2]: *** [all] Error 2
>>make[2]: Leaving directory
>>`/home2/Linux-Software/clamav-0.95.3/libclamav'
>>make[1]: *** [all-recursive] Error 1
>>make[1]: Leaving directory `/home2/Linux-Software/clamav-0.95.3'
>>make: *** [all] Error 2
>
>
>I saw the following post on the web but somehow not the mailing list
>regarding the above:
>
>From: Török Edwin  
>Date: Thu Oct 29 2009 - 10:29:42 EDT
>
>That is another issue, it is fixed by the patch I posted in another
>thread. Here it is again: 
>http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=6238a5ca06c07931b2f6ace62601ef43807df8e2;hp=55d97736bd289b53c93b652d88e5acd1886ec1bc
>
>Best regards, 
>--Edwin 
>
>How would one apply this patch and would it do any good in my case as
>I HAVE git installed.
>


Never mind.Found the patch at the above URL, copied the text to a
file and got it applied with

patch -p1 < patch-0.95.3

and reran configure, make and make install without any problems.

-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] clamav 0.95.3 doesn't make on Fedora Core 10

2009-10-30 Thread George R . Kasica
>On Fri, 30 Oct 2009 19:00:57 -0500, you wrote:

>./configure runs fine but fails make here:
>
>/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>-I..  -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL
>-DSEARCH_LIBDIR=\"/usr/local/lib\" -g -O2 -fno-strict-aliasing -MT
>libclamav_la-matcher-ac.lo -MD -MP -MF
>.deps/libclamav_la-matcher-ac.Tpo -c -o libclamav_la-matcher-ac.lo
>`test -f 'matcher-ac.c' || echo './'`matcher-ac.c
>libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
>-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
>-O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF
>.deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c  -fPIC -DPIC -o
>.libs/libclamav_la-matcher-ac.o
>libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
>-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
>-O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF
>.deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c -o
>libclamav_la-matcher-ac.o >/dev/null 2>&1
>mv -f .deps/libclamav_la-matcher-ac.Tpo
>.deps/libclamav_la-matcher-ac.Plo
>/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>-I..  -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL
>-DSEARCH_LIBDIR=\"/usr/local/lib\" -g -O2 -fno-strict-aliasing -MT
>libclamav_la-matcher-bm.lo -MD -MP -MF
>.deps/libclamav_la-matcher-bm.Tpo -c -o libclamav_la-matcher-bm.lo
>`test -f 'matcher-bm.c' || echo './'`matcher-bm.c
>libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
>-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
>-O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF
>.deps/libclamav_la-matcher-bm.Tpo -c matcher-bm.c  -fPIC -DPIC -o
>.libs/libclamav_la-matcher-bm.o
>In file included from matcher.h:28,
> from others.h:21,
> from matcher-bm.c:29:
>others.h: In function ‘cli_getpagesize’:
>others.h:363: error: ‘_SC_PAGESIZE’ undeclared (first use in this
>function)
>others.h:363: error: (Each undeclared identifier is reported only once
>others.h:363: error: for each function it appears in.)
>make[4]: *** [libclamav_la-matcher-bm.lo] Error 1
>make[4]: Leaving directory
>`/home2/Linux-Software/clamav-0.95.3/libclamav'
>make[3]: *** [all-recursive] Error 1
>make[3]: Leaving directory
>`/home2/Linux-Software/clamav-0.95.3/libclamav'
>make[2]: *** [all] Error 2
>make[2]: Leaving directory
>`/home2/Linux-Software/clamav-0.95.3/libclamav'
>make[1]: *** [all-recursive] Error 1
>make[1]: Leaving directory `/home2/Linux-Software/clamav-0.95.3'
>make: *** [all] Error 2


I saw the following post on the web but somehow not the mailing list
regarding the above:

From: Török Edwin  
Date: Thu Oct 29 2009 - 10:29:42 EDT

That is another issue, it is fixed by the patch I posted in another
thread. Here it is again: 
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=6238a5ca06c07931b2f6ace62601ef43807df8e2;hp=55d97736bd289b53c93b652d88e5acd1886ec1bc

Best regards, 
--Edwin 

How would one apply this patch and would it do any good in my case as
I HAVE git installed.

George
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3

2009-10-30 Thread George R . Kasica
>On Fri, 30 Oct 2009 16:56:43 -0700, you wrote:

>George R. Kasica wrote:
>> I have no idea - I just followed the zlib instructions to run
>> 
>> ./configure
>> make
>> make install
>> 
>> You're getting into things I don't know - I'm no programmer here,
>> please keep this simple, I'm just the system admin.
>
>It sounds like you installed zlib separately instead of using the 
>package that comes with Red Hat. Is that correct?
>
>RHEL's package installs in /usr/lib and /usr/lib64, not in /usr/local/lib.
>
>It's also simpler to install.  Just run "yum install zlib zlib-devel" 
>and it'll download and install automatically, including any dependencies.

That got it going.

Thanks alotnow to get the fedora core 10 version to worksadly
this isn't its problem :(

George
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] clamav 0.95.3 doesn't make on Fedora Core 10

2009-10-30 Thread George R . Kasica
./configure runs fine but fails make here:

/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
-I..  -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL
-DSEARCH_LIBDIR=\"/usr/local/lib\" -g -O2 -fno-strict-aliasing -MT
libclamav_la-matcher-ac.lo -MD -MP -MF
.deps/libclamav_la-matcher-ac.Tpo -c -o libclamav_la-matcher-ac.lo
`test -f 'matcher-ac.c' || echo './'`matcher-ac.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
-O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF
.deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c  -fPIC -DPIC -o
.libs/libclamav_la-matcher-ac.o
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
-O2 -fno-strict-aliasing -MT libclamav_la-matcher-ac.lo -MD -MP -MF
.deps/libclamav_la-matcher-ac.Tpo -c matcher-ac.c -o
libclamav_la-matcher-ac.o >/dev/null 2>&1
mv -f .deps/libclamav_la-matcher-ac.Tpo
.deps/libclamav_la-matcher-ac.Plo
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
-I..  -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL
-DSEARCH_LIBDIR=\"/usr/local/lib\" -g -O2 -fno-strict-aliasing -MT
libclamav_la-matcher-bm.lo -MD -MP -MF
.deps/libclamav_la-matcher-bm.Tpo -c -o libclamav_la-matcher-bm.lo
`test -f 'matcher-bm.c' || echo './'`matcher-bm.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
-I../libltdl -DWARN_DLOPEN_FAIL -DSEARCH_LIBDIR=\"/usr/local/lib\" -g
-O2 -fno-strict-aliasing -MT libclamav_la-matcher-bm.lo -MD -MP -MF
.deps/libclamav_la-matcher-bm.Tpo -c matcher-bm.c  -fPIC -DPIC -o
.libs/libclamav_la-matcher-bm.o
In file included from matcher.h:28,
 from others.h:21,
 from matcher-bm.c:29:
others.h: In function ‘cli_getpagesize’:
others.h:363: error: ‘_SC_PAGESIZE’ undeclared (first use in this
function)
others.h:363: error: (Each undeclared identifier is reported only once
others.h:363: error: for each function it appears in.)
make[4]: *** [libclamav_la-matcher-bm.lo] Error 1
make[4]: Leaving directory
`/home2/Linux-Software/clamav-0.95.3/libclamav'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory
`/home2/Linux-Software/clamav-0.95.3/libclamav'
make[2]: *** [all] Error 2
make[2]: Leaving directory
`/home2/Linux-Software/clamav-0.95.3/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home2/Linux-Software/clamav-0.95.3'
make: *** [all] Error 2


-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3

2009-10-30 Thread George R . Kasica
>On Fri, 30 Oct 2009 23:56:35 +0200, you wrote:

>On 2009-10-30 23:55, George R. Kasica wrote:
>>> On Fri, 30 Oct 2009 21:40:46 +0100, you wrote:
>>> 
>>
>>   
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> On 30/10/2009 20.35, George R. Kasica wrote:
>>> 
>>>> With the following configure after make clean and then a make 0.95.3
>>>> fails to build on Red Hat Enterprise Server 5 64 bit. Error bits
>>>> below:
>>>>
>>>> ./configure --prefix=/usr/local/clamav-0.95.3
>>>>
>>>> Error:
>>>> =
>>>>
>>>> libtool: link: rm
>>>> -f .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT
>>>> libtool: link: (cd .libs && gcc -g -O2 -c -fno-builtin  -fPIC -DPIC
>>>> "libclamavS.c")
>>>> libtool: link: rm -f ".libs/libclamavS.c" ".libs/libclamav.nm"
>>>> ".libs/libclamav.nmS" ".libs/libclamav.nmT"
>>>> libtool: link: gcc
>>>> -shared  .libs/libclamav_la-matcher-ac.o
>>>> .libs/libclamav_la-matcher-bm.o .libs/libclamav_la-matcher.o
>>>> .libs/libclamav_la-others.o .libs/libclamav_la-readdb.o
>>>> .libs/libclamav_la-cvd.o .libs/libclamav_la-dsig.o
>>>> .libs/libclamav_la-scanners.o .libs/libclamav_la-textdet.o
>>>> .libs/libclamav_la-filetypes.o .libs/libclamav_la-rtf.o
>>>> .libs/libclamav_la-blob.o .libs/libclamav_la-mbox.o
>>>> .libs/libclamav_la-message.o .libs/libclamav_la-table.o
>>>> .libs/libclamav_la-text.o .libs/libclamav_la-ole2_extract.o
>>>> .libs/libclamav_la-vba_extract.o .libs/libclamav_la-msexpand.o
>>>> .libs/libclamav_la-pe.o .libs/libclamav_la-disasm.o
>>>> .libs/libclamav_la-upx.o .libs/libclamav_la-htmlnorm.o
>>>> .libs/libclamav_la-chmunpack.o .libs/libclamav_la-rebuildpe.o
>>>> .libs/libclamav_la-petite.o .libs/libclamav_la-wwunpack.o
>>>> .libs/libclamav_la-unsp.o .libs/libclamav_la-aspack.o
>>>> .libs/libclamav_la-packlibs.o .libs/libclamav_la-fsg.o
>>>> .libs/libclamav_la-mew.o .libs/libclamav_la-upack.o
>>>> .libs/libclamav_la-line.o .libs/libclamav_la-untar.o
>>>> .libs/libclamav_la-unzip.o .libs/libclamav_la-inflate64.o
>>>> .libs/libclamav_la-special.o .libs/libclamav_la-binhex.o
>>>> .libs/libclamav_la-is_tar.o .libs/libclamav_la-tnef.o
>>>> .libs/libclamav_la-autoit.o .libs/libclamav_la-unarj.o
>>>> .libs/libclamav_la-bzlib.o .libs/libclamav_la-nulsft.o
>>>> .libs/libclamav_la-infblock.o .libs/libclamav_la-pdf.o
>>>> .libs/libclamav_la-spin.o .libs/libclamav_la-yc.o
>>>> .libs/libclamav_la-elf.o .libs/libclamav_la-sis.o
>>>> .libs/libclamav_la-uuencode.o .libs/libclamav_la-phishcheck.o
>>>> .libs/libclamav_la-phish_domaincheck_db.o
>>>> .libs/libclamav_la-phish_whitelist.o .libs/libclamav_la-regex_list.o
>>>> .libs/libclamav_la-regex_suffix.o .libs/libclamav_la-mspack.o
>>>> .libs/libclamav_la-cab.o .libs/libclamav_la-entconv.o
>>>> .libs/libclamav_la-hashtab.o .libs/libclamav_la-dconf.o
>>>> .libs/libclamav_la-lzma_iface.o .libs/libclamav_la-explode.o
>>>> .libs/libclamav_la-textnorm.o .libs/libclamav_la-dlp.o
>>>> .libs/libclamav_la-js-norm.o .libs/libclamav_la-uniq.o
>>>> .libs/libclamav_la-version.o
>>>> .libs/libclamav_la-mpool.o .libs/libclamav_la-sha256.o
>>>> .libs/libclamav_la-bignum.o .libs/libclamavS.o
>>>>  -Wl,--whole-archive ../libltdl/.libs/libltdlc.a
>>>> lzma/.libs/liblzma.a ./.libs/libclamav_internal_utils.a
>>>> -Wl,--no-whole-archive  -L/usr/local/lib -lz -lpthread -ldl
>>>> -Wl,--version-script -Wl,../libclamav/libclamav.map   -Wl,-soname
>>>> -Wl,libclamav.so.6 -o .libs/libclamav.so.6.0.5
>>>> /usr/bin/ld: /usr/local/lib/libz.a(adler32.o): relocation R_X86_64_32
>>>> against `a local symbol' can not be used when making a shared object;
>>>> recompile with -fPIC
>>>> /usr/local/lib/libz.a: could not read symbols: Bad value
>>>> collect2: ld returned 1 exit status
>>>>   
>>> why do you have zlib in /usr/local/lib ? custom compiled?
>>> 
>>
>> that's where the zlib package put it on install by default.
>>   
>
>Why isn't there a .so file? Linking a .a file (compiled without -fPIC)
>into a .so file (compiled with -fPIC) is not going to work on x86_64.

I have no idea - I just followed the zlib instructions to run

./configure
make
make install

You're getting into things I don't know - I'm no programmer here,
please keep this simple, I'm just the system admin.

George
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3

2009-10-30 Thread George R . Kasica
>On Fri, 30 Oct 2009 21:40:46 +0100, you wrote:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>On 30/10/2009 20.35, George R. Kasica wrote:
>> With the following configure after make clean and then a make 0.95.3
>> fails to build on Red Hat Enterprise Server 5 64 bit. Error bits
>> below:
>> 
>> ./configure --prefix=/usr/local/clamav-0.95.3
>> 
>> Error:
>> =
>> 
>> libtool: link: rm
>> -f .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT
>> libtool: link: (cd .libs && gcc -g -O2 -c -fno-builtin  -fPIC -DPIC
>> "libclamavS.c")
>> libtool: link: rm -f ".libs/libclamavS.c" ".libs/libclamav.nm"
>> ".libs/libclamav.nmS" ".libs/libclamav.nmT"
>> libtool: link: gcc
>> -shared  .libs/libclamav_la-matcher-ac.o
>> .libs/libclamav_la-matcher-bm.o .libs/libclamav_la-matcher.o
>> .libs/libclamav_la-others.o .libs/libclamav_la-readdb.o
>> .libs/libclamav_la-cvd.o .libs/libclamav_la-dsig.o
>> .libs/libclamav_la-scanners.o .libs/libclamav_la-textdet.o
>> .libs/libclamav_la-filetypes.o .libs/libclamav_la-rtf.o
>> .libs/libclamav_la-blob.o .libs/libclamav_la-mbox.o
>> .libs/libclamav_la-message.o .libs/libclamav_la-table.o
>> .libs/libclamav_la-text.o .libs/libclamav_la-ole2_extract.o
>> .libs/libclamav_la-vba_extract.o .libs/libclamav_la-msexpand.o
>> .libs/libclamav_la-pe.o .libs/libclamav_la-disasm.o
>> .libs/libclamav_la-upx.o .libs/libclamav_la-htmlnorm.o
>> .libs/libclamav_la-chmunpack.o .libs/libclamav_la-rebuildpe.o
>> .libs/libclamav_la-petite.o .libs/libclamav_la-wwunpack.o
>> .libs/libclamav_la-unsp.o .libs/libclamav_la-aspack.o
>> .libs/libclamav_la-packlibs.o .libs/libclamav_la-fsg.o
>> .libs/libclamav_la-mew.o .libs/libclamav_la-upack.o
>> .libs/libclamav_la-line.o .libs/libclamav_la-untar.o
>> .libs/libclamav_la-unzip.o .libs/libclamav_la-inflate64.o
>> .libs/libclamav_la-special.o .libs/libclamav_la-binhex.o
>> .libs/libclamav_la-is_tar.o .libs/libclamav_la-tnef.o
>> .libs/libclamav_la-autoit.o .libs/libclamav_la-unarj.o
>> .libs/libclamav_la-bzlib.o .libs/libclamav_la-nulsft.o
>> .libs/libclamav_la-infblock.o .libs/libclamav_la-pdf.o
>> .libs/libclamav_la-spin.o .libs/libclamav_la-yc.o
>> .libs/libclamav_la-elf.o .libs/libclamav_la-sis.o
>> .libs/libclamav_la-uuencode.o .libs/libclamav_la-phishcheck.o
>> .libs/libclamav_la-phish_domaincheck_db.o
>> .libs/libclamav_la-phish_whitelist.o .libs/libclamav_la-regex_list.o
>> .libs/libclamav_la-regex_suffix.o .libs/libclamav_la-mspack.o
>> .libs/libclamav_la-cab.o .libs/libclamav_la-entconv.o
>> .libs/libclamav_la-hashtab.o .libs/libclamav_la-dconf.o
>> .libs/libclamav_la-lzma_iface.o .libs/libclamav_la-explode.o
>> .libs/libclamav_la-textnorm.o .libs/libclamav_la-dlp.o
>> .libs/libclamav_la-js-norm.o .libs/libclamav_la-uniq.o
>> .libs/libclamav_la-version.o
>> .libs/libclamav_la-mpool.o .libs/libclamav_la-sha256.o
>> .libs/libclamav_la-bignum.o .libs/libclamavS.o
>>  -Wl,--whole-archive ../libltdl/.libs/libltdlc.a
>> lzma/.libs/liblzma.a ./.libs/libclamav_internal_utils.a
>> -Wl,--no-whole-archive  -L/usr/local/lib -lz -lpthread -ldl
>> -Wl,--version-script -Wl,../libclamav/libclamav.map   -Wl,-soname
>> -Wl,libclamav.so.6 -o .libs/libclamav.so.6.0.5
>> /usr/bin/ld: /usr/local/lib/libz.a(adler32.o): relocation R_X86_64_32
>> against `a local symbol' can not be used when making a shared object;
>> recompile with -fPIC
>> /usr/local/lib/libz.a: could not read symbols: Bad value
>> collect2: ld returned 1 exit status
>
>why do you have zlib in /usr/local/lib ? custom compiled?

that's where the zlib package put it on install by default.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Unable to compile clamav-0.95.3 on FreeBSD

2009-10-30 Thread George R . Kasica
>On Fri, 30 Oct 2009 11:47:17 +, you wrote:

>Hi,
>
>On 2009-10-29 14:35, George Eliozov wrote:
>> Hi,
>> Just try to update my Clam AV and receive problem, listed below,
>> Any ideas?  "git: not found" - git?
>>
>> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
>> -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include -I/usr/local/include
>> -DSEARCH_LIBDIR=\"/usr/local/lib/elf\" -g -O2 -MT libclamav_la-uniq.lo -MD
>> -MP -MF .deps/libclamav_la-uniq.Tpo -c uniq.c -o libclamav_la-uniq.o
>> >/dev/null 2>
>
>I hit (probably) the same problem building on Solaris and found that touching
>an empty file "version.h.tmp" in the / clamav-0.95.3/libclamav
>directory fixed it.  Based on looking back at a 0.95.2 build tree.
>
>HTH
>
>Tony..

Helps for Solaris 9 as well here.

George
-- 
George, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02- ), Rosie(9/1/07- ), 
Merlin/MR. Tibbs(8/1/90-5/24/06, 2/10/08- ), Nazarene(6/1/99-1/28/08)
Jackson, WI USA
geor...@netwrx1.com
http://www.netwrx1.com/georgek
ICQ #12862186

("`-''-/").___..--''"`-._
`6_ 6  )   `-.  ( ).`-.__.`)
(_Y_.)'  ._   )  `._ `. ``-..-'
_..`--'_..-_/  /--'_.' ,'
(il),-''  (li),'  ((!.-'
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] 64bit RH ES5 Compile Error for Clamav 0.95.3

2009-10-30 Thread George R . Kasica
With the following configure after make clean and then a make 0.95.3
fails to build on Red Hat Enterprise Server 5 64 bit. Error bits
below:

./configure --prefix=/usr/local/clamav-0.95.3

Error:
=

libtool: link: rm
-f .libs/libclamav.nm .libs/libclamav.nmS .libs/libclamav.nmT
libtool: link: (cd .libs && gcc -g -O2 -c -fno-builtin  -fPIC -DPIC
"libclamavS.c")
libtool: link: rm -f ".libs/libclamavS.c" ".libs/libclamav.nm"
".libs/libclamav.nmS" ".libs/libclamav.nmT"
libtool: link: gcc
-shared  .libs/libclamav_la-matcher-ac.o
.libs/libclamav_la-matcher-bm.o .libs/libclamav_la-matcher.o
.libs/libclamav_la-others.o .libs/libclamav_la-readdb.o
.libs/libclamav_la-cvd.o .libs/libclamav_la-dsig.o
.libs/libclamav_la-scanners.o .libs/libclamav_la-textdet.o
.libs/libclamav_la-filetypes.o .libs/libclamav_la-rtf.o
.libs/libclamav_la-blob.o .libs/libclamav_la-mbox.o
.libs/libclamav_la-message.o .libs/libclamav_la-table.o
.libs/libclamav_la-text.o .libs/libclamav_la-ole2_extract.o
.libs/libclamav_la-vba_extract.o .libs/libclamav_la-msexpand.o
.libs/libclamav_la-pe.o .libs/libclamav_la-disasm.o
.libs/libclamav_la-upx.o .libs/libclamav_la-htmlnorm.o
.libs/libclamav_la-chmunpack.o .libs/libclamav_la-rebuildpe.o
.libs/libclamav_la-petite.o .libs/libclamav_la-wwunpack.o
.libs/libclamav_la-unsp.o .libs/libclamav_la-aspack.o
.libs/libclamav_la-packlibs.o .libs/libclamav_la-fsg.o
.libs/libclamav_la-mew.o .libs/libclamav_la-upack.o
.libs/libclamav_la-line.o .libs/libclamav_la-untar.o
.libs/libclamav_la-unzip.o .libs/libclamav_la-inflate64.o
.libs/libclamav_la-special.o .libs/libclamav_la-binhex.o
.libs/libclamav_la-is_tar.o .libs/libclamav_la-tnef.o
.libs/libclamav_la-autoit.o .libs/libclamav_la-unarj.o
.libs/libclamav_la-bzlib.o .libs/libclamav_la-nulsft.o
.libs/libclamav_la-infblock.o .libs/libclamav_la-pdf.o
.libs/libclamav_la-spin.o .libs/libclamav_la-yc.o
.libs/libclamav_la-elf.o .libs/libclamav_la-sis.o
.libs/libclamav_la-uuencode.o .libs/libclamav_la-phishcheck.o
.libs/libclamav_la-phish_domaincheck_db.o
.libs/libclamav_la-phish_whitelist.o .libs/libclamav_la-regex_list.o
.libs/libclamav_la-regex_suffix.o .libs/libclamav_la-mspack.o
.libs/libclamav_la-cab.o .libs/libclamav_la-entconv.o
.libs/libclamav_la-hashtab.o .libs/libclamav_la-dconf.o
.libs/libclamav_la-lzma_iface.o .libs/libclamav_la-explode.o
.libs/libclamav_la-textnorm.o .libs/libclamav_la-dlp.o
.libs/libclamav_la-js-norm.o .libs/libclamav_la-uniq.o
.libs/libclamav_la-version.o
.libs/libclamav_la-mpool.o .libs/libclamav_la-sha256.o
.libs/libclamav_la-bignum.o .libs/libclamavS.o
 -Wl,--whole-archive ../libltdl/.libs/libltdlc.a
lzma/.libs/liblzma.a ./.libs/libclamav_internal_utils.a
-Wl,--no-whole-archive  -L/usr/local/lib -lz -lpthread -ldl
-Wl,--version-script -Wl,../libclamav/libclamav.map   -Wl,-soname
-Wl,libclamav.so.6 -o .libs/libclamav.so.6.0.5
/usr/bin/ld: /usr/local/lib/libz.a(adler32.o): relocation R_X86_64_32
against `a local symbol' can not be used when making a shared object;
recompile with -fPIC
/usr/local/lib/libz.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make[4]: *** [libclamav.la] Error 1
make[4]: Leaving directory `/opt/clamav-0.95.3/libclamav'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/opt/clamav-0.95.3/libclamav'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/opt/clamav-0.95.3/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/clamav-0.95.3'
make: *** [all] Error 2


-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] Unable to compile clamav-0.95.3 on FreeBSD 6.2-RELEASE

2009-10-29 Thread George Eliozov
Hi,
Just try to update my Clam AV and receive problem, listed below,
Any ideas?  "git: not found" - git? 

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma
-I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include -I/usr/local/include
-DSEARCH_LIBDIR=\"/usr/local/lib/elf\" -g -O2 -MT libclamav_la-uniq.lo -MD
-MP -MF .deps/libclamav_la-uniq.Tpo -c uniq.c -o libclamav_la-uniq.o
>/dev/null 2>&1
mv -f .deps/libclamav_la-uniq.Tpo .deps/libclamav_la-uniq.Plo
git: not found
*** Error code 127

Stop in
/common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95.
3/libclamav.
*** Error code 1

Stop in
/common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95.
3/libclamav.
*** Error code 1

Stop in
/common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95.
3/libclamav.
*** Error code 1

Stop in
/common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95.
3.
*** Error code 1

Stop in
/common/distrib/FreeBSD/configs/installscripts/antivirus/clamav/clamav-0.95.
3. 

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] false positives for

2009-06-16 Thread George Geller
Recently, the scan has been giving me:

sda1/Program Files/Microsoft Office/Office12/EXCEL.EXE: 
W32.Virut.Gen.D-163 FOUND
sda1/Program Files/Microsoft Office/Office12/excelcnv.exe: 
W32.Virut.Gen.D-163 FOUND
sda1/WINDOWS/SoftwareDistribution/Download/754e3b95d1b56e045c85bd49529d92b4/xlconv.cab:
 
W32.Virut.Gen.D-163 FOUND
sda1/WINDOWS/SoftwareDistribution/Download/488b87313a382b81238c79301c751bbd/excel.cab:
 
W32.Virut.Gen.D-163 FOUND
sda1/WINDOWS/Installer/789ce7.msp: W32.Virut.Gen.D-163 FOUND
sda1/WINDOWS/Installer/789cfb.msp: W32.Virut.Gen.D-163 FOUND

Since a full scan with Windows defender doesn't detect this issue and 
http://virusscan.jotti.org/ shows that 789cfb.msp is virus free with all 
programs except clam, I think this is a false positive.

see http://wsms.wikiplanet.com/mediawiki/index.php/Clamscan for 
additional details.

Please advise.

Thanks, George

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Problems builing in solaris related to unrar libraries

2009-03-17 Thread George R . Kasica
Bug #1476 created with the requested info.


>On 2009-03-17 20:19, George R. Kasica wrote:
>>> On Tue, 17 Mar 2009 20:07:19 +0200, you wrote:
>>> 
>>
>>   
>>> On 2009-03-17 20:02, George R. Kasica wrote:
>>> 
>>>> I'm not sure how to use crle to do this, so I just added to the
>>>> LD_LIBRARY_PATH setting. 
>>>>
>>>> All seems well at this point, and you were correct, I wasn't looking
>>>> to disable the feature.
>>>>
>>>> Why does this not occur in Red Hap ES4 but on Solaris? 
>>>>   
>>> Because on Red Hat you probably installed to /usr/local/lib or /usr/lib,
>>> which is already in the runtime linker's
>>> search path?
>>> 
>> No, both are installed to /usr/local/clamav same for both OS types
>> here, it makes maintaining this easier on 52 servers when only 2 are
>> Solaris and the rest are Red Hat EL4.
>>   
>
>That sounds like a bug (in configure, or libtool maybe?).
>Please open a bugreport on bugs.clamav.net, and provide the following
>information:
>* uname -a
>* the full configure line
>* attach config.log
>* attach clamav-config.h
>* attach the output of the following, both when LD_LIBRARY_PATH is set
>and not set: truss clamscan test/clam-v*.rar
>* attach the output of the following from your RHEL4 box: strace
>clamscan test/clam-v*.rar
>
>If it is a libtool problem I'll forward it upstream.
>
>Best regards,
>--Edwin
>___
>Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>http://www.clamav.net/support/ml
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Problems builing in solaris related to unrar libraries

2009-03-17 Thread George R . Kasica
>On Tue, 17 Mar 2009 20:07:19 +0200, you wrote:

>On 2009-03-17 20:02, George R. Kasica wrote:
>> I'm not sure how to use crle to do this, so I just added to the
>> LD_LIBRARY_PATH setting. 
>>
>> All seems well at this point, and you were correct, I wasn't looking
>> to disable the feature.
>>
>> Why does this not occur in Red Hap ES4 but on Solaris? 
>
>Because on Red Hat you probably installed to /usr/local/lib or /usr/lib,
>which is already in the runtime linker's
>search path?
No, both are installed to /usr/local/clamav same for both OS types
here, it makes maintaining this easier on 52 servers when only 2 are
Solaris and the rest are Red Hat EL4.

>> Also, I haven't
>> needed to modify the env variables on any prior versions...what's
>> changed??
>libclamunrar_iface is now loaded at runtime, see this page which
>explains why:
>https://wiki.clamav.net/52 Main/UpgradeNotes095#Packaging_and_Dependencies
OK, though that still doesn't answer why it behaved differently under
Solaris than Red Hat.I'm glad I only have 2 Solaris boxes that
need the changes not 50.that would be a bit more workany way
to avoid this in the future possibly as I'm now concerned if there
would at some point be a change on the Linux side that affects this.

 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Problems builing in solaris related to unrar libraries

2009-03-17 Thread George R . Kasica
I'm not sure how to use crle to do this, so I just added to the
LD_LIBRARY_PATH setting. 

All seems well at this point, and you were correct, I wasn't looking
to disable the feature.

Why does this not occur in Red Hap ES4 but on Solaris? Also, I haven't
needed to modify the env variables on any prior versions...what's
changed??

George


>On 2009-03-17 18:43, George R. Kasica wrote:
>> I've compiled the 0.95rc2 here on Solaris and when installed and I run
>> the clamd I get the following error but its still running.
>>
>>
>> # /usr/local/clamav/sbin/clamd
>> LibClamAV Warning: Cannot dlopen: file not found - unrar support
>> unavailable
>>   
>
>It is only a warning, you won't be able to scan RAR archives, but
>everything else should still work.
>
>Is /usr/local/clamav/lib on your runtime search path?
>If not I think  you can use crle to add it, or set the LD_LIBRARY_PATH
>environment variable, and unrar should be working again.
>
>> I thought all I had to do was to have it commented out in clamd.conf
>>
>> # Due to license issues libclamav does not support RAR 3.0 archives
>> (onlythe
>> # old 2.0 format is supported). Because some users report stability
>> problems
>> # with unrarlib it's disabled by default and you must uncomment the
>> directive
>> # below to enable RAR 2.0 support.
>> # Default: disabled
>> #ScanRAR
>>   
>
>This is an old configuration option that no longer exists.
>
>> But that doesn't seem to stop it from trying to load rar support.
>
>If you don't want RAR support, you can configure with --disable-unrar,
>but I don't think that is what you want.
>
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] Problems builing in solaris related to unrar libraries

2009-03-17 Thread George R . Kasica
/SUNWspro/bin/../prod/bin/../../bin/f90": Sun Fortran
95
8.3 SunOS_sparc 2007/05/03
version of "/opt/SUNWspro/bin/../prod/bin/../../bin/analyzer": Sun
Analyzer
7.6 SunOS_sparc 2007/05/03
version of "/opt/SUNWspro/bin/../prod/bin/../../bin/dmake": Sun
Distributed
Make 7.8 SunOS_sparc 2007/05/03
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
geor...@netwrx1.com
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] announcing ClamAV 0.94rc1

2008-08-22 Thread George R . Kasica
>On Thu, 21 Aug 2008 10:39:02 -0400 (EDT), you wrote:

>On Thu, 21 Aug 2008, Henrik K wrote:
>
>> Who cares if it scans 100ms or 20ms. I prefer features and stability more
>
>For those of us who use it as an incoming mail scanner (which I seem to 
>recall being the primary focus of clam from statements on this list) it 
>matters a great deal. The rate of scanning has to keep up with the rate of 
>incoming mail, or you have an ever-growing backlog.
>
>Also, the time difference isn't just 100ms vs 20ms -- there are some OLE 
>documents that in the past have taken minutes to scan. I think most of these 
>problems are solved now, but I wouldn't want to add back any solution that 
>increases the time.
>
>Further, signatures are one thing, but in a server environment you do not 
>want code to be updated automatically. Code updates usually have to be rolled 
>out, tested first on a test server, then put into production.
Chris:

Exactly why we use it here along with Exim and spamassassin. Its one
of a few products that I'm aware of that will integrate with the setup
and work (as of now anyway) well wit them and quickly. We are barely
keeping pace with mail now with 4 dual-core 3GHZ boxes I really don't
want to slow this down or have to add more hardware due to a code
change to make the tarball smaller or whatever the reason is. The goal
should be to maximize the speed of the scanning (at least that has
been the way they have been going in the past along with stability) I
thought.

As for updates, I agree 100% we're in exactly the same position here,
taking automatic updates to signatures is one thing, taking them to
code is quite another. If that occurs or becomes the way clamav works,
I'm sorry to say but the corp. environment I work in will force me to
look at another solution. EVERYTHING here code wise goes through
test/qa/prod system our info security folks would fall over if they
heard this idea, then they'd demand the product get pulled today.

-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] clamav-0.93 error

2008-04-15 Thread George R . Kasica
>George R. Kasica wrote:
>>> We have the same issue. I'd take a guess that it's because we're running 
>>> zlib-1.2.1.2-1.2 which is the latest offered by RHEL 4.
>>> 
>>
>>
>> Ditto error here with zlib 1.2.3 and I've made sure there are no
>> duplicate zlibs out here:
>>
>> the only one out here is /usr/local/lib/libz.a
>>
>>   
>Read my next e-mail. We also had v1.2.3 version of /usr/local/lib/libz.a 
>and got the same error. In /usr/lib we have the old rhel 4 version (I 
>don't think that matters for this issue). I added the shared version of 
>v1.2.3 (run configure -s if you have zlib source) to /usr/local/lib and 
>all now works fine.
Tried that here with no success :(
-- 
George, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-), Rosie(9/1/07- ), MR. 
Tibbs(8/1/90-5/24/06), Nazarene(6/1/99-1/28/08)
Jackson, WI USA
[EMAIL PROTECTED]
http://www.netwrx1.com/georgek
ICQ #12862186

("`-''-/").___..--''"`-._
`6_ 6  )   `-.  ( ).`-.__.`)
(_Y_.)'  ._   )  `._ `. ``-..-'
_..`--'_..-_/  /--'_.' ,'
(il),-''  (li),'  ((!.-'
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav-0.93 error

2008-04-15 Thread George R . Kasica
>We have the same issue. I'd take a guess that it's because we're running 
>zlib-1.2.1.2-1.2 which is the latest offered by RHEL 4.


Ditto error here with zlib 1.2.3 and I've made sure there are no
duplicate zlibs out here:

the only one out here is /usr/local/lib/libz.a


Error is below, I can post config.log if needed from RHEL4 compiled
from tar.gz

gcc -g -O2 -o .libs/freshclam output.o cfgparser.o getopt.o misc.o
options.o sha256.o cdiff.o tar.o freshclam.o manager.o notify.o dns.o
execute.o nonblock.o mirman.o  ../libclamav/.libs/libclamav.so
-lresolv -lpthread  -Wl,--rpath -Wl,/usr/local/clamav-0.93/lib
cdiff.o(.text+0x1a37): In function `cdiff_apply':
../shared/cdiff.c:984: undefined reference to `gzdopen'
cdiff.o(.text+0x1a71):../shared/cdiff.c:994: undefined reference to
`gzgets'
cdiff.o(.text+0x1b8d):../shared/cdiff.c:1016: undefined reference to
`gzclose'
cdiff.o(.text+0x1bc4):../shared/cdiff.c:1010: undefined reference to
`gzclose'
tar.o(.text+0xd2): In function `tar_addfile':
../shared/tar.c:82: undefined reference to `gzwrite'
tar.o(.text+0x107):../shared/tar.c:95: undefined reference to
`gzwrite'
tar.o(.text+0x1c2):../shared/tar.c:111: undefined reference to
`gzwrite'
manager.o(.text+0xf24): In function `buildcld':
/opt/clamav-0.93/freshclam/manager.c:913: undefined reference to
`gzclose'
manager.o(.text+0xf59):/opt/clamav-0.93/freshclam/manager.c:884:
undefined reference to `gzopen'
manager.o(.text+0x108d):/opt/clamav-0.93/freshclam/manager.c:932:
undefined reference to `gzclose'
manager.o(.text+0x10d5):/opt/clamav-0.93/freshclam/manager.c:944:
undefined reference to `gzclose'
collect2: ld returned 1 exit status
make[2]: *** [freshclam] Error 1
make[2]: Leaving directory `/opt/clamav-0.93/freshclam'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/clamav-0.93'
make: *** [all] Error 2


-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav-0.93 error

2008-04-15 Thread George R . Kasica
Bug 935 created with config.log on it.

-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Problem with main.cvd and daily.inc ?

2007-12-25 Thread George R . Kasica
>> > databases ?
>> >
>>
>>-- End Original Message --
>
>++
>| E-mail : [EMAIL PROTECTED] |
>| Annuaire des radios AM/FM/DAB : http://www.annuradio.fr/   |
>++
>
>___
>Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>http://lurker.clamav.net/list/clamav-users.html
-- 
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] Cannot build clamav-0.90.2 on FreeBSD 5.3-RELEASE

2007-04-13 Thread George Eliozov
Hello all!

I am tiring to update clamav from clamav-0.90.1 to clamav-0.90.2.
Configure script complete successfully but when I run make, I get after
while:

gcc -g -O2 -o .libs/clamd output.o cfgparser.o getopt.o misc.o network.o
options.o clamd.o tcpserver.o localserver.o session.o thrmgr.o server-th.o
scanner.o others.o clamuko.o dazukoio_compat12.o dazukoio.o
-L/usr/local/lib ../libclamav/.libs/libclamav.so -liconv -lz -lbz2
/usr/local/lib/libgmp.so -Wl,--rpath -Wl,/usr/local/lib
network.o(.text+0x2b): In function `r_gethostbyname':
../shared/network.c:78: undefined reference to `gethostbyname_r'
thrmgr.o(.text+0xa5): In function `thrmgr_destroy':
/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:127: undefined
reference to `pthread_attr_destroy'
thrmgr.o(.text+0x18b): In function `thrmgr_new':
/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:168: undefined
reference to `pthread_attr_init'
thrmgr.o(.text+0x19d):/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c
:176: undefined reference to `pthread_attr_setdetachstate'
thrmgr.o(.text+0x1ed):/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c
:177: undefined reference to `pthread_attr_destroy'
thrmgr.o(.text+0x28b): In function `thrmgr_worker':
/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:217: undefined
reference to `pthread_cond_timedwait'
thrmgr.o(.text+0x483): In function `thrmgr_dispatch':
/common/qmailrocks/clamav/clamav-0.90.2/clamd/thrmgr.c:290: undefined
reference to `pthread_create'
*** Error code 1

Stop in /common/qmailrocks/clamav/clamav-0.90.2/clamd.
*** Error code 1

Stop in /common/qmailrocks/clamav/clamav-0.90.2.
*** Error code 1

Stop in /common/qmailrocks/clamav/clamav-0.90.2.

Thanks!

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


RE: [Clamav-users] Re: GMP MP2, digital signature FreeBSD 6.0

2007-02-14 Thread George Eliozov
Thanks!!! It was very helpful! ;) 
It was a stupid problem with path to libraries.
I configure ClamAV with script:

export CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib
./configure

Thanks a lot!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rene Berber
Sent: Thursday, February 15, 2007 12:42 AM
To: clamav-users@lists.clamav.net
Subject: [Clamav-users] Re: GMP MP2, digital signature FreeBSD 6.0

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

George Eliozov wrote:

> I have some problems with digital signatures with ClamAV 0.90.
> 
> I receiving message: "WARNING: ** GNU MP 2 or newer NOT FOUND -
digital
> signature support will be disabled!" when configuring ClamAV.

Assuming you built it yourself, look in config.log there should be some
clues
about what part of gmp it didn't find.  Should be either an include file or
a
library, usually it's easy to fix (no need to install or rebuild anything).

> I DO have installed libgmp (gmp-4.2.1). With the previous version of
clamav
> (clamav-0.88.7 and older) a digital signature works normally.

The new version does things differently in the configuration, it is more
general
and it has a lot of new tests (which do nothing useful, like looking for
Fortran) and do miss things like gmp which worked with older versions.
- --
René Berber
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF03QyL3NNweKTRgwRAgUMAKD4ECZ7IvWChc646m1PYqWMLkXTQgCfTWhU
TJ98Ztth8TqhTwbRQIl9XkA=
=A1E/
-END PGP SIGNATURE-

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] GMP MP2, digital signature FreeBSD 6.0

2007-02-14 Thread George Eliozov
Greetings,

 

I have some problems with digital signatures with ClamAV 0.90.

I receiving message: "WARNING: ** GNU MP 2 or newer NOT FOUND - digital
signature support will be disabled!" when configuring ClamAV.

I DO have installed libgmp (gmp-4.2.1). With the previous version of clamav
(clamav-0.88.7 and older) a digital signature works normally.

 

Thanks.

 

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Freshclam stability as a daemon [was: DB Update email before actual update available?]

2006-12-29 Thread George R . Kasica
Two Linux boxes here, one Generic (used to be Caldera 2.2) and one
Fedora Core 5 been running it on both for close to 18 monthsnot
one failure that I'm aware of. Both boxes are fairly busy as well, the
caldera is an email/list/web box and the FC5 is a weather map
server/forecasting tools system (lots of CPU use and disk activity at
the top of every hour).


===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Re: To ClamAV Developers: donation question

2006-11-08 Thread George R . Kasica
>On Wed, 08 Nov 2006 11:14:52 -0700, you wrote:

>In message <[EMAIL PROTECTED]> Gerard Seibert
><[EMAIL PROTECTED]> wrote:
>
>>On Wednesday November 08, 2006 at 11:16:21 (AM) Sergei Lavrov wrote:
>>
>>> Some of the businesses I know do want to make
>>> donations. But is ClamAV able to issue invoice ?
>>
>>In other words, you are looking for a tax write off.
>
>You've never worked with corporate accountants, have you? 
>
>Without a paper trail, the (correct) assumption is that the money is in
>whoever approved the expense's pocket.
Agreedif I can't produce a receipt of invoice for the bean
counters, its out of my pocket. Period. Doesn't matter if its $1 or
$1000.

===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] testing fails???

2006-10-21 Thread George Georgalis
my smtpd/clamd system seems to be working correctly...
no virus seen in a while, and logs of dropped viruses. :)

however, today I decided for no particular reason that I'd like
to see what my smtp rejections look like. So I tried to send
myself a virus... humph, can't get it to test positive. :-\

Can anyone explain the discrepancy below?

 # clamdscan --config-file=/usr/local/etc/clamd.conf --no-summary 
clamav-0.88.4/test/clam.exe   
/usr/pkgsrc/mail/clamav/work/clamav-0.88.4/test/clam.exe: OK
 # clamscan --config-file=/usr/local/etc/clamd.conf --no-summary 
clamav-0.88.4/test/clam.exe  
clamav-0.88.4/test/clam.exe: ClamAV-Test-File FOUND

my smtpd/clamd system uses that invocation of clamdscan. Since my
system is clearly "working", why cannot I use it on a positive
test?

// George


-- 
George Georgalis, systems architect, administrator <
___
http://lurker.clamav.net/list/clamav-users.html


Re: ?^???G Re: [Clamav-users] clamav 0.88.4 freshclamd question

2006-09-08 Thread George R . Kasica
>> the following installed and running well gmp-4.1.4.tar.gz
>
>Does that mean I can come out from under my rock now?
>
LOL...Dennis, let me apologize, I should have not hit the SEND key so
quickly here. Its just lately I see so much of the "can't/don't bother
me" type responses in so many of the lists that it makes me wonder why
people bother to post a reply if they're not helping.

We all have bad days and I'm the fiest to admit it wasn't a good one
here that day. I should have followed my own rule and let that message
sit over night.

Hope you are having a good day there.

===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Clamscan taking 14 hours to run

2006-09-07 Thread George R . Kasica
>I am running Clam on a 2.0Ghz Celeron with 256mb of memory, and 12 gb used
>of a 20gb hard drive. I started the process running and it took 14 hours
>before completing the entire drive.
>
>Here is how I called clamscan:
>clamscan --exclude=".mp3" --exclude=".jpg" --exclude=".wma" -i -r -l
>clam.out c:\
>
>
>Any help to reduce the scan time would be appreciated.
>
I'm seeing similar performance issues here and also it will reboot at
times as well if you come up with something yell.

===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


Re: ?^???G Re: [Clamav-users] clamav 0.88.4 freshclamd question

2006-09-07 Thread George R . Kasica
>On Wed, 06 Sep 2006 21:04:16 -0700, you wrote:

>Wilson Kwok wrote:
>> This problem just fixed, but when I ./freshclam have another problem occur:
>>
>>   ./freshclam
>> ClamAV update process started at Thu Sep  7 11:42:45 2006
>> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
>> See the FAQ at http://www.clamav.net/faq.html for an explanation.
>> main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
>> daily.cvd is up to date (version: 1816, sigs: 3864, f-level: 8, builder: 
>> ccordes  )
>> 
>>   What is NO SUPPORT FOR DIGITAL SIGNATURES??
>
>Your ClamAV installation was built without libgmp support. This library
>can be found here:
>
>http://www.swox.com/gmp/
>
>It needs to be built and installed before building ClamAV so you will
>have support for digital signatures. It is a very nice math library. Be
>sure to check the version requirements so that you don't install the
>wrong version.

Good note on the version Dennis, it IS version picky as I
recall...though I don't have the specifics in front of me, I know they
are in the docs that come with ClamAV. Looking at my box here I'm got
the following installed and running well gmp-4.1.4.tar.gz

Quick note as well on compile time, its also relatively a long make
and compile process at least here, so don't be in a hurry to see it
finish. I seem to recall mine took near an hour or so but again that
was on a P-III 933 box so you may likely have a faster box and better
compile time.

===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav scan crashes server

2006-09-07 Thread George R . Kasica
>Travis Rabe wrote:
>> And one of the lrgest complaints from going from Windows to Linux is the
>> lack of support and understanding from community groups.  WOW - so what if
>> he needs to be spoon fed?  I am sure all of us at sometime (if yoiu came
>> form WIndows) needed to be spoon fed.  If you didn't - then great and good
>> for you.
>> 
>> Spoon feed the guy, don't ridicule him.  Man.
>
>I don't see where there is any ridicule. Are you suggesting Windows 
>people are delicate little flowers than require a gentle touch? That 
>seems a bit of an insult.
>
You know I don't usually comment on behavior of folks in lists either
positive or negative but this touched a nerve here so you get to hear
it. Sorry live with it.

I've done IS for 24 years, WAY before there was an Internet as we see
it today and most of it has been in a Unix environment though I do
also work with Windows, Novell, DOS, you name it I've probably seen or
worked wit it over the years. 

Frankly, the attitudes that I see from people like Dennis today make
me wish for the way things were a few years ago. I can recall when in
most cases you asked a question and got help with it. Sometimes the
questions weren't asked in good form, were missing information, not in
good English structure (remember the Internet covers more than just
the US and English speaking countries folks) and you had to ask for
more information to help the individual but it's only recently that
I've seen people responding like Dennis here in a manner like they are
just too good to be bothered.

Simple solution to this is if you don't want to help someone just
don't say ANYTING...why make the person feel worse for asking a
question and trying to learn?? IF you're going to tell me they should
RTFM that's a cop outlikely they have or they wouldn't be
askinglet's face it docs are not perfect, neither are man pages if
someone tells me there has never been a doc or a man page that was
incorrect or missing a command line switch or option I'll be happy to
show more than one example where something was missing or wrong.

No one is suggesting that Windows folks are "delicate little flowers"
but whatever happened to common courtesy in a conversation? I'd hope
that is at least able to be expected from people that are supposedly
adults and maybe even professional IS staffI'm hoping you don't
use that sort of attitude at your day jobI know if I my staff
treated users and staff in that manner they'd be looking for new
employment in a hurrybut I guess since no one pays you to help
here you feel that you can take whatever rude condescending attitude
you please with people that are just looking for some help.

Couple last words for the whole thing.sad, embarrassing and
disgusting. Now why don't you go crawl back to whatever rock you were
sunning yourself on - we're all so sorry we bothered you with a lowly
question.

===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Re: False Positive I think

2006-02-18 Thread George R . Kasica
>On Sat, 18 Feb 2006 11:33:22 +0100, you wrote:

>"George R. Kasica" <[EMAIL PROTECTED]> schrieb im Newsbeitrag 
>news:[EMAIL PROTECTED]
>
>> what do I need to do to submit it as a false positive?
>
>submit it here: http://www.clamav.net/sendvirus.html
>
>Best regards,
> Sven
It's on its way right now.

Thank you for the quick reply.

===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] False Positive I think

2006-02-17 Thread George R . Kasica
>On Fri, 17 Feb 2006 20:15:09 +0100, you wrote:

>On Fri, 17 Feb 2006 19:55:20 +0100
>"Oliver Stöneberg" <[EMAIL PROTECTED]> wrote:
>
>> ClamAV still doesn't ctach all variants of a Parite.B 
>
>Please show me an active variant of Parite.B that is not detected by
>ClamAV and at the same time is not a false positive detection of some
>3rd party scanners.
>
>Then I will owe you a beer ;-)

running 0.88 of WinClam here and am getting a hit on the following
file:

C:\Program Files\QVLINK\QVLINK32.EXE: W32.CIH.1003 FOUND

Now I've reinstalled the program (used to dl images from a casio
digital camera) from CD here (I know thats not a guarantee its free of
virii) but commercial software (Sophos) and McAffee did not complain
about itwhat do I need to do to submit it as a false positive?

Thanks,
===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Unofficial Phishing Signatures

2006-02-02 Thread George R . Kasica
>On Thu, 02 Feb 2006 19:40:17 +, you wrote:

>
>Dennis Davis wrote:
>> Very useful.  I started using these signatures on this University's
>> mail servers on Monday.  Appended below are the stats on the
>> incoming crap they stopped yesterday (Tuesday).
>>
>> Virus   Count
>> -   -
>> Total 308
>>
>> The total incoming virus count for yesterday was 512[1].  So these
>> signatures account for some 60% of what was detected.
>>
>>   
>
>Thanks for those stats :)  I'm glad they seem to be working great.  
>
>I've just done an sig update, increasing from 164 sigs to 199 sigs.
>Hopefully, they improve things a little more  :)
>
>Cheers,
>
>Steve

Steve or Dennis:

Where did you get the tool to get clamav stats? We just installed it
here and could really use something like that.

Thanks,

===[George R. Kasica]===+1 262 677 0766
President   +1 206 374 6482 FAX 
Netwrx Consulting Inc.  Jackson, WI USA 
http://www.netwrx1.com
[EMAIL PROTECTED]
ICQ #12862186
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] New error messages after upgrade to 0.86

2005-06-21 Thread George Chelidze

The error messages are:

sh: /usr/sbin/sendmail: No such file or directory

After fast investigation I found that SENDMAIL_BIN changed from 
"/usr/lib/sendmail" to "/usr/sbin/sendmail". The reason why I am 
affected with thi change is that I run clamd/clamav-milter under chroot 
and there was no /usr/sbin/sendmail, only /usr/lib/sendmail. Maybe it's 
a good idea to mention this change in ChangeLog for people like me?


Thanks
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] Upload did not work ... sorry

2005-06-07 Thread George Chelidze

Hello,

Seems something is wrong with online scanner. I tried to upload samle 
.zip attachment invected with Trojan.Spy.Goldun.ah and got the following 
error:


Upload did not work ... sorry

Best Regards,
--
George Chelidze

___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Clamav-milter dies after working ok for some hours

2005-05-22 Thread George Chelidze

[EMAIL PROTECTED] wrote:

Hi

We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ 
accounts.


Since last week we are experimenting several errors with this combination. 
Tried to upgrade to latest version, with same results, so now we downgraded 
to our last "stable" situation, running clamav and milter version 0.83, and 
sendmail 8.12.8.


Basically what happens is that clamav-milter dies, and then sendmail starts 
to refuse commands.


I believe it is a 3 face thing.

First it is common to see logs like this one, but mail still works:
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): read 
returned -1: Connection reset by remote.host.com
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to 
error state
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): init 
failed to open
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to 
error state
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter: initialization 
failed, rejecting commands


Some minutes laters, we start to see:
May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): error 
connecting to filter: Connection refused by /var/clamav/clmilter.socket
May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): to 
error state
May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter: initialization 
failed, rejecting commands
May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): error 
connecting to filter: Connection refused by /var/clamav/clmilter.socket
May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): to 
error state


When it finally dies, we see:
May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): 
write(D) returned -1, expected 5: Broken pipe
May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to 
error state
May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter: 
[EMAIL PROTECTED], reject=550 5.7.1 Command rejected
May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): local 
socket name /var/clamav/clmilter.socket unsafe
May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to 
error state
May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter: initialization 
failed, rejecting commands


At this point, clamav-milter is gone, and the sockets is non existant. 
Sendmail accepts connections, but refuses to receive any command.


If we restart clamav-milter, it works again smoothly for about 3-6 hours.

Any clue?

Please let us know what other information might me useful to debug this. The 
relevant configuration parts are:


clamd.conf:
 PidFile /var/run/clamav/clamd.pid
 LocalSocket /var/run/clamav/clamd.sock

/etc/sysconfig/clamav-milter:
CLAMAV_FLAGS="
--config-file=/etc/clamd.conf
--max-children=240
--force-scan
--quiet
--dont-log-clean
--noreject
--dont-scan-on-error
-ol local:/var/clamav/clmilter.socket

/etc/mail/sendmail.cf:
 Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m

Thanks. 
___

http://lurker.clamav.net/list/clamav-users.html



try --external

Best Regards,
--
George Chelidze

___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85

2005-05-13 Thread George Chelidze
Nigel Horne wrote:
On Friday 13 May 2005 11:52, George Chelidze wrote:
George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine, 
clamd started fine but clamav-milter doesn't start. It outputs the 
following in debug mode:

LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone 
seeing the same on their systems? Any ideas?

Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter 
${CLAMAV_FLAGS}

clamav-milter.conf
CLAMAV_FLAGS="-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl 
--external"

clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Found a problem:
/usr/local/clamav/var/log/clamd.log was owned by root:root mode 640
versions below 0.85 did not report any problems with that, while 0.85 did:
May 13 14:39:32 ns chroot: /var/log/clamd.log: Permission denied
May 13 14:39:32 ns clamav-milter: chroot startup succeeded

Clamav-milter versions prior to 0.85 tended to not notice that permissions 
issue,
the error message is more likely to appear in 0.85. It is probable that the 
issue
has been on your machine from the year dot, but never been reported...
Yes, I think this is the case. Thanks for your help.

I have changed it to clamav:clamav 640 and now everything works fine. 
Thanks to Nigel who encouraged me to look at my logs once again. The 
reason I failed to find these messages earlier was that they were found 
in /var/log/boot.log.



--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85

2005-05-13 Thread George Chelidze
Nigel Horne wrote:
On Friday 13 May 2005 11:34, George Chelidze wrote:
Nigel Horne wrote:
On Friday 13 May 2005 10:56, George Chelidze wrote:

Nigel Horne wrote:

On Friday 13 May 2005 07:21, George Chelidze wrote:

Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine, 
clamd started fine but clamav-milter doesn't start. It outputs the 
following in debug mode:

LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone 
seeing the same on their systems? Any ideas?

Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter 
${CLAMAV_FLAGS}

clamav-milter.conf
CLAMAV_FLAGS="-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl 
--external"

clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200

Have you restarted clamd after the installation?
sure.

Remove the file /ctl/clamav-milter.ctl (if it exists) and restart 
clamav-milter. Has
/ctl/clamav-milter.ctl been recreated?
No, it's not...
from /var/log/maillog:
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav): 
local socket name /usr/local/clamav/ctl/clamav-milter.ctl unsafe
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav): to 
error state
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter: connect to 
filters

I have checked /usr/local/clamav/ctl/clamav-milter.ctl and it doesn't 
exist. Also nothing in /usr/local/clamav/var/log/clamd.log.

What's /usr/local/clamav/var/log/clamd.log?
I didn't ask for /usr/local/clamav/ctl/clamav-milter.ctl, I asked for /ctl/clamav-milter.ctl
clamav is chrooted under /usr/local/clamav:)

Thanks,

-Nigel

--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85

2005-05-13 Thread George Chelidze
George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine, 
clamd started fine but clamav-milter doesn't start. It outputs the 
following in debug mode:

LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone 
seeing the same on their systems? Any ideas?

Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter 
${CLAMAV_FLAGS}

clamav-milter.conf
CLAMAV_FLAGS="-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl 
--external"

clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Found a problem:
/usr/local/clamav/var/log/clamd.log was owned by root:root mode 640
versions below 0.85 did not report any problems with that, while 0.85 did:
May 13 14:39:32 ns chroot: /var/log/clamd.log: Permission denied
May 13 14:39:32 ns clamav-milter: chroot startup succeeded
I have changed it to clamav:clamav 640 and now everything works fine. 
Thanks to Nigel who encouraged me to look at my logs once again. The 
reason I failed to find these messages earlier was that they were found 
in /var/log/boot.log.

--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85

2005-05-13 Thread George Chelidze
Nigel Horne wrote:
On Friday 13 May 2005 10:56, George Chelidze wrote:
Nigel Horne wrote:
On Friday 13 May 2005 07:21, George Chelidze wrote:

Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine, 
clamd started fine but clamav-milter doesn't start. It outputs the 
following in debug mode:

LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone 
seeing the same on their systems? Any ideas?

Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter 
${CLAMAV_FLAGS}

clamav-milter.conf
CLAMAV_FLAGS="-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl 
--external"

clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200

Have you restarted clamd after the installation?
sure.

Remove the file /ctl/clamav-milter.ctl (if it exists) and restart 
clamav-milter. Has
/ctl/clamav-milter.ctl been recreated?
No, it's not...
from /var/log/maillog:
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav): 
local socket name /usr/local/clamav/ctl/clamav-milter.ctl unsafe
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter (clamav): to 
error state
May 13 10:08:58 ns sendmail[12068]: j4D68wIm012068: Milter: connect to 
filters

I have checked /usr/local/clamav/ctl/clamav-milter.ctl and it doesn't 
exist. Also nothing in /usr/local/clamav/var/log/clamd.log.

Thanks,
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav-milter doesn't start after upgrade to 0.85

2005-05-13 Thread George Chelidze
Nigel Horne wrote:
On Friday 13 May 2005 07:21, George Chelidze wrote:
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine, 
clamd started fine but clamav-milter doesn't start. It outputs the 
following in debug mode:

LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone 
seeing the same on their systems? Any ideas?

Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter 
${CLAMAV_FLAGS}

clamav-milter.conf
CLAMAV_FLAGS="-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl 
--external"

clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200

Have you restarted clamd after the installation?
sure.
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] clamav-milter doesn't start after upgrade to 0.85

2005-05-12 Thread George Chelidze
Hello,
System: RH 7.3, kernel: 2.4.24, gcc 2.96
I tried to upgrade to 0.85 this morning. Everything compiled just fine, 
clamd started fine but clamav-milter doesn't start. It outputs the 
following in debug mode:

LibClamAV debug: Running as user clamav (UID 101, GID 11)
LibClamAV debug: pingServer-1: sending VERSION
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-71886380fcea2de4
and then nothing. /tmp/clamav-71886380fcea2de4 has been created. Anyone 
seeing the same on their systems? Any ideas?

Here are my config files:
clamav-milter starts this way:
daemon /usr/sbin/chroot /usr/local/clamav /sbin/clamav-milter 
${CLAMAV_FLAGS}

clamav-milter.conf
CLAMAV_FLAGS="-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl 
--external"

clamd.conf
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] clamav on Mac OS X 10.4 Server

2005-05-05 Thread George
In the end, make fails with:
In file included from ./zziplib/zzip.h:21,
 from zziplib/zzip-dir.c:18:
./zziplib/zziplib.h:91: error: parse error before "zzip_ssize_t"
./zziplib/zziplib.h:91: warning: data definition has no type or storage class
./zziplib/zziplib.h:194: error: parse error before "zzip_file_read"
./zziplib/zziplib.h:194: warning: data definition has no type or storage
class
./zziplib/zziplib.h:201: error: parse error before "zzip_read"
./zziplib/zziplib.h:201: warning: data definition has no type or storage
class
make[2]: *** [zzip-dir.lo] Error 1
I've been able to get it to build by hacking the configure and 
Makefile files to death and using a build/break method to alter the 
build environment.
Dale,
Why don't you post back your hack of "configure and Makefile", so 
others could build it themselves instead of posting binaries.

Would be appreciated.
G

I've sent an installer to several people now but it sure would be 
nice if someone would host the installer (in tar.gz format) to 
alleviate the e-mail stress I'm under due to being the only one 
being able to build it in 10.4.

-- Dale
___
http://lurker.clamav.net/list/clamav-users.html
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Maybe a virus

2005-05-04 Thread George Chelidze
Alvaro Uría wrote:
Hi!
I've got a file that i've received as an attach, and it seems to be a
virus, but clamd didn't detect it as that.
That's the second time i ask for this kind of help, but i don't know if it
could be a problem of my old version of clamav (i tested it on 0.75 and
0.80).
Here i have the file (which contains a file.txt\ \ \ \ \ .exe):
http://fermat.movimage.com/virii/account_info-text.zip
TIA.
Regards,
  Alvaro Uría

___
http://lurker.clamav.net/list/clamav-users.html
Hello,
You can use online scanner at
http://test-clamav.power-netz.de to scan this files in question. 
Worm.Sober.P is found in provided example.

Best Regards,
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] Size limit reached

2005-03-15 Thread George
I'm running Exim 4.5 with ClamAv 0.83
I was wondering what is happening when you get the following warning, 
or better yet - why is it happening?

Thu Mar 10 11:57:51 2005 -> WARNING: ScanStream: Size limit reached ( 
max: 10485760)

Thanks
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] socket-addr doesn't agree with sendmail.cf ... !!

2005-02-28 Thread George Chelidze
Dave Smith wrote:
I use Fedora Core 3. On booting up I notice an error message which
suggests a problem with the way in which ClamAV is set up. The following
four lines from the boot log give an indication of what I mean:
Feb 28 07:14:58 localhost clamav-milter: clamav-milter: socket-addr
(local:/var/clamav/clmilter.socket) doesn't agree with sendmail.cf
Your sendmail.cf might contain S=unix:/var/clamav/clmilter.socket for 
your clamav filter so change it to S=local:/var/clamav/clmilter.socket.

Feb 28 07:14:58 localhost clamav-milter: clamav-milter startup failed
Feb 28 07:14:59 localhost sendmail: sendmail startup succeeded
Feb 28 07:14:59 localhost sendmail: sm-client startup succeeded
Can anyone quickly tell me what this means and what I need to do to
correct he problem?
Thanks.
Dave
Dave Smith
Struggle - Solidarity - Socialism
E-mail: [EMAIL PROTECTED]
Tel: (868) 683-5305
SMS: [EMAIL PROTECTED] 

___
http://lurker.clamav.net/list/clamav-users.html
Best Regards,
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] libclamav

2005-02-24 Thread George Chelidze

Victor wrote:
Hello,
Print's:
[EMAIL PROTECTED]:/home/victor# ldd /usr/bin/clamscan
libclamav.so.1 => /usr/lib/libclamav.so.1 (0x4001a000)
It's under /usr/lib :)
libz.so.1 => /usr/lib/libz.so.1 (0x4006)
libbz2.so.1 => /lib/libbz2.so.1 (0x40071000)
libgmp.so.3 => /usr/lib/libgmp.so.3 (0x4008)
libpthread.so.0 => /lib/libpthread.so.0 (0x400ad000)
libnsl.so.1 => /lib/libnsl.so.1 (0x400fe000)
libc.so.6 => /lib/libc.so.6 (0x40113000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
Thanks :-)
- Original Message - 
From: "Tomasz Kojm" <[EMAIL PROTECTED]>
To: "ClamAV users ML" 
Sent: Thursday, February 24, 2005 9:08 AM
Subject: Re: [Clamav-users] libclamav


___
http://lurker.clamav.net/list/clamav-users.html
_______
http://lurker.clamav.net/list/clamav-users.html
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Freshclam and Cron

2005-02-23 Thread George Chelidze
[EMAIL PROTECTED] wrote:
Freshclam via cron
What sort of update intervals are people using, and can someone show me a
working crontab entry? I've tried calling freshclam like this via a crontab
entry
06 0  * * * /usr/local/bin/freshclam
BUt it doesn't seem to work. Which means I'm probably missing somethign
obvious.
___
http://lurker.clamav.net/list/clamav-users.html
-- CUT HERE --
#!/bin/bash
sleep $[ 900 + $RANDOM % 1800 ] ; /usr/sbin/chroot /usr/local/clamav 
/bin/freshclam -u clamav --config-file=/etc/freshclam.conf --quiet

--CUT HERE --
I placed this script into /etc/cron.hourly and it works just fine. The 
command line looks a bit long because I decided to chroot 
clamd/clamav-milter/freshclam under /usr/local/clamav

Best Regards,
--
George Chelidze
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Reject -> 451 4.3.2 Please try again later

2005-02-11 Thread George Chelidze
Dear Clive,
Clive Messer wrote:
On Friday 11 Feb 2005 14:53, George Chelidze wrote:
Hi George,

I don't use FC3, neither rpms. I compile it from source. Both sources
(mentioned above) seems to contain the same clamav-milter.c code, so why
the last should work and the first not. #define SESSION /*bla bla bla*/
is commented in both of them so I think it's the same as #undef SESSION,
isn't it?

I don't know. What I do know is that I had the issue when I installed 
clamav-0.82 from the RPM which originally had 'SESSION' defined eg.

LibClamAV Warning: Session 0 has gone down
LibClamAV Warning: Session 0 restarted OK
LibClamAV Warning: Session 1 has gone down
LibClamAV Warning: Session 1 restarted OK
LibClamAV Warning: Session 2 has gone down
LibClamAV Warning: Session 2 restarted OK
LibClamAV Warning: Session 3 has gone down
LibClamAV Warning: Session 3 restarted OK
LibClamAV Warning: Session 4 has gone down
LibClamAV Warning: Session 4 restarted OK
LibClamAV Warning: Session 5 has gone down
LibClamAV Warning: Session 5 restarted OK
LibClamAV Warning: Session 6 has gone down
LibClamAV Warning: Session 6 restarted OK
LibClamAV Warning: Session 7 has gone down
LibClamAV Warning: Session 7 restarted OK
LibClamAV Warning: Session 8 has gone down
LibClamAV Warning: Session 8 restarted OK
LibClamAV Warning: Session 9 has gone down
connect: Network is unreachable
connect: Connection refused
connect: Connection timed out
Wed Feb  9 13:29:23 2005 -> ERROR: ScanStream: accept timeout.
Wed Feb  9 13:29:23 2005 -> ERROR: ScanStream: accept timeout.
Since rebuilding clamav-0.82 with '#undef SESSION' I no longer have a clamd 
log full of errors and a maillog full of ... eg. 
'sb75g2 sendmail[14264]: j18J8ro6014264: Milter: data, reject=451
 4.3.2 Please try again later'. 

Milter and clamd were restarted 27 hours ago after rebuild with '#undef 
SESSION'. No errors since. If '#undef SESSION' does not explain that then I 
really don't know. YMMV.
I understand your point. I have just replied to Nigel who adviced me to 
use devel-20050210 and stated that I think it wouldn't help as it's the 
same code of clamav-miter.c. Anyway, it's up and running and waiting for 
a new db update to hang it or pass through, who knows:)

Regards
Clive
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Reject -> 451 4.3.2 Please try again later

2005-02-11 Thread George Chelidze
Hello Clive,
Clive Messer wrote:
On Friday 11 Feb 2005 14:24, George Chelidze wrote:

Seems devel-20050209 and devel-20050210 contain the same
clamav-milter.c. AFAIK the problem is with clamav-milter, so it wouldn't
help. Anyway, I'll give it a try...

FC3 rpms rebuilt with clamav-milter.c '#undef SESSION'
I don't use FC3, neither rpms. I compile it from source. Both sources 
(mentioned above) seems to contain the same clamav-milter.c code, so why 
the last should work and the first not. #define SESSION /*bla bla bla*/ 
is commented in both of them so I think it's the same as #undef SESSION, 
isn't it?

http://www.vacuumtube.org.uk/clamav/clamav-0.82-1.2.i386.rpm
http://www.vacuumtube.org.uk/clamav/clamav-milter-0.82-1.2.i386.rpm
http://www.vacuumtube.org.uk/clamav/clamav-devel-0.82-1.2.i386.rpm
SRC RPM (with session-undef.patch)
http://www.vacuumtube.org.uk/clamav/clamav-0.82-1.2.src.rpm
Clive
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Reject -> 451 4.3.2 Please try again later

2005-02-11 Thread George Chelidze
Seems devel-20050209 and devel-20050210 contain the same 
clamav-milter.c. AFAIK the problem is with clamav-milter, so it wouldn't 
help. Anyway, I'll give it a try...

Nigel Horne wrote:
On Thursday 10 Feb 2005 16:52, George Chelidze wrote:

Try 0.82c or later.
which snapshot corresponds to 0.82c? I have tried devel-20050209 and
problem is still there, at least on my box.

Try tonight's.
-Nigel
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Reject -> 451 4.3.2 Please try again later

2005-02-10 Thread George Chelidze
Hello Nigel,
Nigel Horne wrote:
On Thursday 10 Feb 2005 15:36, Bret wrote:
I too have been suffering from this problem, but I can't find any errors
in my clamd.log file. Just occasionally since upgrading to .82 do I
start getting these errors in my mail logs:
"Milter: data, reject=451 4.3.2 Please try again later"

Try 0.82c or later.
which snapshot corresponds to 0.82c? I have tried devel-20050209 and 
problem is still there, at least on my box.

-Nigel
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Re: failed to send SCAN (null) command to clamd

2005-02-09 Thread George Chelidze
Hello,
Matias Lopez Bergero wrote:
George Chelidze wrote:
Hello Krištof,
Krištof Petr wrote:
George Chelidze wrote:
When it happens on next time, try to run clamdscan to check the clamd 
is running fine
and problem is in clamav-milter itself.

It happened again on database reload. I followed your advice and seems 
clamd is ok, clamav-milter fails. I'll try daily snapshot and reply 
back soon.

With clamdscan works OK.
I have tried the nightly snapshot a it's working good.
I have checked devel-20050209 and clamav-milter failed again. downgraded 
to 0.81. Any ideas? I can provide more information if required.

Thanks in advance.
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] failed to send SCAN (null) command to clamd

2005-02-09 Thread George Chelidze
Hello Krištof,
Krištof Petr wrote:
George Chelidze wrote:
Hello,
I have yesterday upgraded to 0.82 on two servers (RedHat 7.3 kernel 
2.4.24) yesterday morning and everything went fine. This morning I 
found that on both servers clamd is running but viruses are not 
detected. I run freshclam from cron every hour between 15 and 45 
minutes randomly so both servers outputed the following into log files 
and stoped to work after daily update (701) was loaded between 
20:15:00 UTC Feb 8 2005 and 20:45:00 UTC Feb 2005:

Tue Feb  8 23:42:37 2005 -> No stats for Database check - forcing reload
Tue Feb  8 23:42:38 2005 -> Reading databases from /bases
Tue Feb  8 23:42:39 2005 -> Database correctly reloaded (30353 viruses)
my maillog file reports contains a lot of messages like this:
Feb  8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) 
command to clamd
Feb  8 23:26:45 ns clamav-milter[1148]: failed to send SCAN (null) 
command to clamd
Feb  8 23:26:54 ns clamav-milter[1150]: failed to send SCAN (null) 
command to clamd

When it happens on next time, try to run clamdscan to check the clamd is 
running fine
and problem is in clamav-milter itself.
It happened again on database reload. I followed your advice and seems 
clamd is ok, clamav-milter fails. I'll try daily snapshot and reply back 
soon.

Thanks,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] failed to send SCAN (null) command to clamd

2005-02-09 Thread George Chelidze
Hello Nigel,
Nigel Horne wrote:
On Wednesday 09 Feb 2005 06:40, George Chelidze wrote:

Feb  8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) 
command to clamd

Try clamav-milter 0.82c and post the results.
Is it a known issue or just a guess?
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


[Clamav-users] failed to send SCAN (null) command to clamd

2005-02-08 Thread George Chelidze
Hello,
I have yesterday upgraded to 0.82 on two servers (RedHat 7.3 kernel 
2.4.24) yesterday morning and everything went fine. This morning I found 
that on both servers clamd is running but viruses are not detected. I 
run freshclam from cron every hour between 15 and 45 minutes randomly so 
both servers outputed the following into log files and stoped to work 
after daily update (701) was loaded between 20:15:00 UTC Feb 8 2005 and 
20:45:00 UTC Feb 2005:

Tue Feb  8 23:42:37 2005 -> No stats for Database check - forcing reload
Tue Feb  8 23:42:38 2005 -> Reading databases from /bases
Tue Feb  8 23:42:39 2005 -> Database correctly reloaded (30353 viruses)
my maillog file reports contains a lot of messages like this:
Feb  8 23:26:10 ns clamav-milter[1141]: failed to send SCAN (null) 
command to clamd
Feb  8 23:26:45 ns clamav-milter[1148]: failed to send SCAN (null) 
command to clamd
Feb  8 23:26:54 ns clamav-milter[1150]: failed to send SCAN (null) 
command to clamd

clamd reload didn't help so I decided to restart clamav-milter and 
started to catch viruses. I run clamav-milter with the following arguments:

CLAMAV_FLAGS="-c /etc/clamd.conf -nlPH unix:/ctl/clamav-milter.ctl 
--external"

here is clamd.conf:
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
LogFacility LOG_MAIL
LogSyslog
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /bases
LocalSocket /ctl/clamd.ctl
FixStaleSocket
ExitOnOOM
MaxConnectionQueueLength 30
StreamMaxLength 10M
MaxThreads 64
ReadTimeout 180
IdleTimeout 30
MaxDirectoryRecursion 15
SelfCheck 3600
User clamav
ScanPE
ScanHTML
ScanOLE2
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
Any idea what happened and how can I avoid the same in future? Thanks in 
advance.

Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] initial configure

2005-01-10 Thread George Chelidze
Hello Arkady,
Arkady V.Belousov wrote:
Hi!
6-ñÎ×-2005 20:22 [EMAIL PROTECTED] (Jim Maul) wrote to "ClamAV users ML"
:
JM> http://www.clamav.net/abstract.html#pagestart
JM> "The package provides a flexible and scalable multi-threaded daemon, a
JM> command line scanner, and a tool for automatic updating via Internet."
 Let me rephrase myself: may I update bases manually and without running
any 3rd party beasties like web servers on my machine? How to download
Ok, I have cerefully listed through this thread and first thought the 
only acceptable method for you was to receive updates via email. (AFAIK, 
there is no such list to which you can subscribe and receive 
updates),later I have found out that ftp is acceptable so you agree to 
be connected to the internet (directly or inderectly) and fetch clamav 
updates "manually". In this case I don't understand why you don't like 
freshclam. Say there is a server on the net which supports ftp method of 
database retrieval. Do you think it will be more secure for you to 
retrieve updates from this server via ftp rather than retrieve updates 
using native freshclam? (don't think so). Ideally there are 2 ways (I 
can't think about others) to get updates online:

1. Someone/Something sends them to you/me/others via smtp/ftp/http/etc...
2. Someone/Something put these files somewhere on the net and 
you/me/others retrieve them using supported protocol pop3/ftp/http/etc...

In the first case you should be running appropriate server to accept 
this information and then use it when and how you like.

In the second case you should be running apropriate client to contact a 
server and retrieve this information for future use.

So:
1. AFAIK the first way is not available.
2. People who are so kind to update bases for you/me/others place db 
updates to predefined locations and you/me/others may retrieve them 
using http. Most of clamav users use freshclam for this purpose, you can 
create your own tool if you like.

I hope I made myself clear enough.
Just my 2 cents.

bases for manual update (preferably without online, but ftp also
acceptable)?
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] clamav as HTTP scanner?

2004-12-16 Thread Siju George
Hi Russel,

On Wed, 15 Dec 2004 12:00:48 -0500, roliver <[EMAIL PROTECTED]> wrote:
> There is Safesquid and SquidClamAV_Redirector. (scavr)
> 
> I use scavr with squid for a school district with great success. Neither
> Dansguardian or Safesquid can handle very heavy loads in my experience.
> 

I use Squid on an OpenBSD 3.6 proxy. Could you please help me to the
links/resources on the net that would explaining installation of scavr
on my proxy ?

Thankyou so much :))

kind Regards

Siju
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] clamav as HTTP scanner?

2004-12-16 Thread Siju George
Hi Freddie,

On Wed, 15 Dec 2004 09:36:03 -0800, Freddie Cash <[EMAIL PROTECTED]> wrote:
> On December 15, 2004 08:57 am, Rainer Zocholl wrote:
> > In the really meanwhile long long linear list of mail scanners
> > I only see the (non GPLed) "DansGuardian Anti-Virus Patch".
> > Do you mean that?
> > AFAIK is DansGuardian payware except for private use.
> 
> Please do at least the bare minimum research before posting things like
> the above.  Opening even the first page of the DansGuardian website
> will show that it is available free (as in no money), for anyone to use
> (at home, at work, at school, whereever).
>
> Yes, there is a commercial web content filter that uses a lot of the
>DansGuardian technology, and even employs the primary DG programmer,
>but DG is available for anybody to use, completely free, and even
>includes the sourcecode.
>

I shrugged away from using DansGuardian in my office because I found
on the page.

http://dansguardian.org/?page=copyright2

the following

DansGuardian 2 is:

* free for non-commercial use
* not free for installation by 3rd parties charging for
installation or support
* not free for commercial use
* licensed under the GPL
* copyright Daniel Barron
* is a registered trade mark of Daniel Barron 

So the THIRD item says

"not free for commercial use"

What does commercial use mean? Is it that Igot something wrong? can I
use it for my office for free?

Thankyou so much

Kind Regards
Siju
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Database update question for ClamAV-Milter.

2004-11-25 Thread George Chelidze
Hello,
Wtexpo.com ClamAV wrote:
Thanks for reply. But I am still confusing. For example, why this 
replied mail is still scanned with old ClamAV 0.80/601/Mon Nov 22 
21:40:21 2004 as its mail header shown. It should be scanned with new 
ClamAV 0.80/605/Wed Nov 24 22:09:47 2004 right?
May be you can see it at this mail header too if u use mail program like
outlook/outlook express.

Now clear. Seems you haven't notified your daemon after database update. 
Make sure your freshclam.conf contains line like this:

NotifyClamd /etc/clamd.conf
Best Regards,
Edwin
- Original Message - From: "George Chelidze" <[EMAIL PROTECTED]>
To: "ClamAV users ML" <[EMAIL PROTECTED]>
Sent: Thursday, November 25, 2004 3:30 PM
Subject: Re: [Clamav-users] Database update question for ClamAV-Milter.

Hello,
Wtexpo.com ClamAV wrote:
Hello everyone,
 
I use the latest version 0.80 of ClamAV and set cron to automatically 
update the virus database. Everything is working fine. However, I 
found that although my virus database is very up to date, my 
clamav-milter is still using an old version of database. Below are 
the database version results that I got it at command prompt and my 
latest mail header.
 
Output at command prompt
 >clamd --version
ClamAV 0.80/605/Wed Nov 24 22:09:47 2004
 
Output at mail header for my latest mail
X-Virus-Scanned: ClamAV 0.80/601/Mon Nov 22 21:40:21 2004

By Nov 22 21:40:21 2004 daily 601 was the newest. So everything is ok:)
 clamav-milter version 0.80j
 on NS1.WTEXPO.NET
X-Virus-Status: Clean
 
Can anyone tell me what's wrong with my clamav-milter? How to make my 
clamav-milter automatically use the latest version of virus database?
 
Thank you,
Edwin


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Database update question for ClamAV-Milter.

2004-11-24 Thread George Chelidze
Hello,
Wtexpo.com ClamAV wrote:
Hello everyone,
 
I use the latest version 0.80 of ClamAV and set cron to automatically 
update the virus database. Everything is working fine. However, I found 
that although my virus database is very up to date, my clamav-milter is 
still using an old version of database. Below are the database version 
results that I got it at command prompt and my latest mail header.
 
Output at command prompt
 >clamd --version
ClamAV 0.80/605/Wed Nov 24 22:09:47 2004
 
Output at mail header for my latest mail
X-Virus-Scanned: ClamAV 0.80/601/Mon Nov 22 21:40:21 2004
By Nov 22 21:40:21 2004 daily 601 was the newest. So everything is ok:)
 clamav-milter version 0.80j
 on NS1.WTEXPO.NET
X-Virus-Status: Clean
 
Can anyone tell me what's wrong with my clamav-milter? How to make my 
clamav-milter automatically use the latest version of virus database?
 
Thank you,
Edwin


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Virus Tests from www.testvirus.org

2004-11-24 Thread George Chelidze
Hello,
Philip Ershler wrote:
On Nov 24, 2004, at 9:29 PM, Tristan Griffiths wrote:
Philip Ershler wrote:
I am running the .80 release. Tonight I ran the current set of tests 
from  www.testvirus.org.
Tests 4,5,7,8,17, and 19 got through. Any idea what's going on. The 
last time I ran this suite of
tests on the .75 release, I seem to recall it did much better.

Thanks for any thoughts,
Phil

I too am running .80 release. Only #24 and #25 got through and #25 had
the file name mangled by the procmail sanitiser
<http://www.impsec.org/email-tools/sanitizer-intro.html> anyway.
same here.
That makes me worry even more.
Maybe you miss something in your clamd/clamav-milter config files? If 
you don't mind post them to this list.

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] LibClamAV Warning: Broken PE header detected

2004-11-10 Thread George Chelidze

Tomasz Papszun wrote:
On Wed, 10 Nov 2004 at 11:47:59 +0300, George Chelidze wrote:
Tomasz Kojm wrote:
The way libclamav works in the case of executable files is:
1. check the file against the signature database and stop scanning if
virus is found
2. run PE parser (report broken executables; try to guess and unpack
compressed files)
One additional question here:
I get several messages a day which are marked as broken executables by 
clamav but as I-Worm.NetSky.o by kav. AFAIK it's an alias to 
Worm.SomeFool.N. Why clam doesn't detect known signature and falls to 
step 2? (Maybe a part of signature is missing because a file it's 
broken?) 

I believe so. To be sure, the samples would have to be examined.
I know your team is very busy, but anyway if you are interested in 
samples I can provide them.


I don't think clamav and kav use signatures which differs a 
lot, do they?

They surely differ.
Thanks for your time and your great product.
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] LibClamAV Warning: Broken PE header detected

2004-11-10 Thread George Chelidze

Tomasz Kojm wrote:
On Thu, 4 Nov 2004 11:47:41 +0200 (CAT)
Jim Holland <[EMAIL PROTECTED]> wrote:

The attachment is clearly malware (the message looks like a Klez

Clearly? How do you know that? Do you have a code analyser built into
your eyes?

virus-free(fortunately it then goes on to block it because of the file
name, but that is besides the point).  Is the above report an error
with ClamAV, or is the file actually harmless because of the broken PE
header?  Would it not be desirable for ClamAV to flag such files as
being viruses (even if they are broken)?

The way libclamav works in the case of executable files is:
1. check the file against the signature database and stop scanning if
virus is found
2. run PE parser (report broken executables; try to guess and unpack
compressed files)
One additional question here:
I get several messages a day which are marked as broken executables by 
clamav but as I-Worm.NetSky.o by kav. AFAIK it's an alias to 
Worm.SomeFool.N. Why clam doesn't detect known signature and falls to 
step 2? (Maybe a part of signature is missing because a file it's 
broken?) I don't think clamav and kav use signatures which differs a 
lot, do they?

So it doesn't re-eject files without scanning just because they
seem to be broken.


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Thanks in advance.
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Permission denied when sending notifications

2004-11-08 Thread George Chelidze
Hello,
Jose Gervasio Gomiz wrote:
Hi everyone.
 
I'm using clamd/clamav-milter 0.80 + Sendmail 8.12.11-4.6 on Fedora Core 2.
 
I have "--postmaster-only" in /etc/sysconfig/clamav-milter, because I 
need to get email notifications when a virus is found.
 
The problem is that notifications fail. Extract from /var/log/maillog:
Nov  8 14:03:31 mail sendmail[21690]: NOQUEUE: SYSERR(clamav): can not 
chdir(/var/spool/clientmqueue/): Permission denied
ls -l /usr/sbin/sendmail
mine is:
-r-xr-sr-x1 root smmsp  661621 Nov  3 11:37 /usr/sbin/sendmail
I dought you don't have SGID turned on.
Permissions:
/etc/mail/:
-rw-r--r--  1 root root 58156 Nov  8 15:14 sendmail.cf
-r--r--r--   1 root root 39181 Nov  8 15:13 submit.cf
-rw-r--r--  1 root root127 Nov  8 15:14 trusted-users
/var/spool/:
drwxrwx---  2 smmsp  smmsp   12288 Nov  8 15:11 clientmqueue
drwxrwxr-x  2 root   mail 4096 Nov  8 15:37 mail
 
Users:
uid=46(clamav) gid=46(clamav) groups=46(clamav)
uid=51(smmsp) gid=51(smmsp) groups=51(smmsp)
 
Processes:
root 23999  0.0  1.1   7948 2860 ?S15:14   0:00 
sendmail: accepting connections
smmsp24008  0.0  0.9   6308 2408 ?S15:14   0:00 
sendmail: Queue [EMAIL PROTECTED]:00:00 <mailto:[EMAIL PROTECTED]:00:00> for 
/var/spool/clientmqueue
clamav 23570  0.0  2.3 20092 6036 ?S15:09   0:00 
/usr/sbin/clamd
clamav 23582  0.0  0.5 37784 1508 ?S15:09   0:00 
/usr/sbin/clamav-milter --dont-wait --force-scan --dont-log-clean 
--server=localhost --postmaster=postmaster --postmaster-only 
--pidfile=/var/run/clamav/clamav-milter.pid 
local:/var/run/clamav/clamav-milter.sock
 
I know that user clamav (uid 46) can't write or chdir to 
/var/spool/clientmqueue in this setup.
 
I've tried:
User clamav in /etc/mail/sendmail.cf "Trusted users" section? Doesn't work.
User clamav in /etc/mail/submit.cf "Trusted users" section? Doesn't work.
User clamav in /etc/mail/trusted-users file? Doesn't work.
Adding clamav to smmsp group? Doesn't work.
Changing /var/spool/clientmqueue permissions/ownership? Not recommended.
Running clamd as user smmsp? clamav-milter fails to start.
 
Which is the correct way to do it?
 
Thanks in advance!
 
 
Jose G. Gomiz
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Administrador Area Internet
Compel SRL
 


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Online scanner vs Sendvirus.cgi

2004-11-04 Thread George Chelidze
Hello,
Fajar A. Nugraha wrote:
George Chelidze wrote:
Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables
option while "clamav online scanner" - not.

So is it a bad idea to enable the same in online scanner? It will save 
a little bandwidth...

Bad, because broken executables are not 100% virus.
I don't mean they should be marked as virus. The fact is that file isn't 
ok, it's already in base as broken executable.

Also bad, because it is not enabled by default on a standard installation.
We are not talking about adding this option to default options list. The 
online scanner is often used to check a file against known threats and 
if it's not detected by scanner (marked as OK) and suspected to be a new 
virus, it's submited to clamav team. Before you get back "This virus is 
already recognized..." message actually should be uploaded to server and 
should be checked once again (correct me if I am wrong) which is extra 
bandwidth and cpu power. Hope I made myself clear.

Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Online scanner vs Sendvirus.cgi

2004-11-04 Thread George Chelidze

Tomasz Papszun wrote:
On Thu, 04 Nov 2004 at 11:48:35 +0300, George Chelidze wrote:
Hello,
I have just found a message which was trapped with sanitizer because of 
dangerous attachment (message.scr) and I thought it was a new worm. I 
checked it against clamav online scanner which reported the following:

ClamAV 0.80/572/Wed Nov 3 11:48:18 2004
ClamAV scans the file ...
Clamav-Output:
/tmp/php7TNJzC: OK
Clamav DID NOT identify your sample as malicious content
If you really think your sample is a virus or any other harmful thing 
clamav should detect please go to
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
and submit the virus.

I submited the sample but got the following output:
Result:
This virus is already recognized by ClamAV 0.80/572/Wed Nov 3 05:48:18 
2004 as Broken.Executable . Be careful when submitting samples and 
remember to run freshclam!
Please correct the above errors and retry.

I though I missed something and repeated the process but got the same 
result. Any ideas?


Seems that the scanner at sendvirus.cgi uses the DetectBrokenExecutables
option while "clamav online scanner" - not.
So is it a bad idea to enable the same in online scanner? It will save a 
little bandwidth...

Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


[Clamav-users] Online scanner vs Sendvirus.cgi

2004-11-04 Thread George Chelidze
Hello,
I have just found a message which was trapped with sanitizer because of 
dangerous attachment (message.scr) and I thought it was a new worm. I 
checked it against clamav online scanner which reported the following:

ClamAV 0.80/572/Wed Nov 3 11:48:18 2004
ClamAV scans the file ...
Clamav-Output:
/tmp/php7TNJzC: OK
Clamav DID NOT identify your sample as malicious content
If you really think your sample is a virus or any other harmful thing 
clamav should detect please go to
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
and submit the virus.

I submited the sample but got the following output:
Result:
This virus is already recognized by ClamAV 0.80/572/Wed Nov 3 05:48:18 
2004 as Broken.Executable . Be careful when submitting samples and 
remember to run freshclam!
Please correct the above errors and retry.

I though I missed something and repeated the process but got the same 
result. Any ideas?

Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] configure failure: libmilter directory not found?

2004-11-04 Thread George Chelidze
I configure it this way:
CPPFLAGS=-I/usr/local/src/sendmail-8.12.11/include ./configure 
--prefix=/usr/local/clamav --enable-milter

It goes just fine.
Tom D`Asto wrote:
Trying to complete the installation of clamav. I want to configure the
clamav-milter (./configure --enable-milter) for email scanning. However,
during the configure, libmilter directory cannot be located. I can't find
it either...
What do I need to do?
Tom
[EMAIL PROTECTED]
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Best Regards,
--
George Chelidze
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] OT: Virus page almost ready to go

2004-06-16 Thread George Chelidze
Yes we get approximately 1000 infections a day.
Best Regards,
Fajar A. Nugraha wrote:
George Chelidze wrote:
admin is notified about infection incident. 

I'm guessing you only get small amount of infections (e.g. less than 
10.000 a day) ?

Regards,
Fajar
--
George Chelidze

---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] OT: Virus page almost ready to go

2004-06-15 Thread George Chelidze
Hello Rick,
Your page is great. I think the only thing is missing is graphs. I have 
developed very simple system for clamav statistics and integrated it 
with mrtg. below is the screenshot:

http://wrath.geoweb.ge/images/vstats.gif
The system works as follows:
admin is notified about infection incident. I pipe the notification 
message to a perl script through a procmailrc file. This perl script 
retrieves usefull information from message and appends it to mysql 
table. another perl script retrieves the data for last 5 minutes from 
the table and updates a file for mrtg. mrtg executes every 5 minutes and 
draws the graph. Results are displayed using cgi script which links to 
the image generated by mrtg and selects appropriate data from table. If 
people on this list are interested, we can make it public.

Best Regards,
Rick Macdougall wrote:
Hi All,
As promised, the virus stats page is almost ready to go.  I'll clean up 
the code tomorrow or Thursday and release it GPL.

http://mail.limelyte.net/admin/virus/ for a preview.
Suggestions, critique, etc are welcomed.
Regards,
Rick

---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
--
George Chelidze

---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] ScanStream: accept timeout

2004-06-03 Thread George Chelidze
Hello,
Nigel Horne wrote:
On Wednesday 02 Jun 2004 12:57, George Chelidze wrote:

CLAMAV_FLAGS="-c /etc/clamav.conf -nlPH local:/ctl/clamav-milter.ctl"

That's the place - now do 'man clamav-milter' and look under the 'd' option and you'll
have your answer on whether the messages are failed or passed through unscanned.
Seems warnings are treated as errors in this case and as I don't use 'd' 
option it wont go through.

Thanks
-Nigel
Best Regards,
--
George Chelidze

---
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] ScanStream: accept timeout

2004-06-02 Thread George Chelidze
Hello,
Nigel Horne wrote:
On Wednesday 02 Jun 2004 06:38, George Chelidze wrote:

Also I wonder what happens to message which triggers the following warning:
WARNING: ScanStream: Size limit reached ( max: 10485760)
Is it bounced back or pass through without scanning?

That depends on the options you give to clamav-milter.
CLAMAV_FLAGS="-c /etc/clamav.conf -nlPH local:/ctl/clamav-milter.ctl"
INPUT_MAIL_FILTER(`clamav', 
`S=unix:/usr/local/clamav/ctl/clamav-milter.ctl, F=, T=S:4m;R:4m')dnl

Do you mean 'F=' part of my conf?

Best Regards,

-Nigel
Best Regards,
--
George Chelidze

---
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


  1   2   >