Re: [Clamav-users] limiting child processes
On Tuesday 09 March 2004 11:43 am, you wrote: Is there a way to tell clamd how many children it can spawn? I don't want a server to allow more than 10 instances of clamd to run at any given time. I think you need to limit this in your MTA and/or filter package. With amavisd-new, I think this is controlled by $max_servers in amavisd.conf (someone correct me if I am wrong). If you could set a limit in Clam, then Clam would need some mechanism for queueing messages, which is extra complexity that is unnecessary since the MTA can do this anyways. JohnV --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Please help ERROR: Parse error at line 142: Unknown option Archive
On Tuesday 09 March 2004 12:31 pm, you wrote: Here is the error that I am getting. I don't understand why Archive would not be known ERROR: Parse error at line 142: Unknown option Archive. ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf Well, according to the clamav.conf man page, there is no Archive option. There are options such as: ScanArchive ArchiveMaxFileSize ArchiveMaxRecursion ArchiveMaxFiles ArchiveMaxCompressionRatio ArchiveLimitMemoryUsage ClamukoScanArchive JohnV --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] problem starting clamd
I am having trouble starting clamd ... connect(): No such file or directory ERROR: Can't connect to clamd. --- SCAN SUMMARY --- Infected files: 0 Time: 0.007 sec (0 m 0 s) This looks like an error from clamdscan, not clamd. What's the full command line you are using that produces this error? JohnV --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd and Amavis-new conflict?
On Monday 08 March 2004 12:45 pm, you wrote: At every mail checked amavisd.log has a message: amavisd[950]: (00950-05) No anti-virus code loaded, skipping this section #(numbers, obviously, vary), even though clamd was started manually, the path to socket name (clamd.sock) is identical in amavisd.conf and clamd.conf, both amavisd and clamd are ran as amavisd:amavisd, and all the permissions are set correctly (I hope...) . First, make sure clamdscan works: # $CLAMPREFIX/bin/clamdscan /some/file If not, make it work before coming back to amavis. Check the bypass_virus_checks_acl and virus_lovers lines in /etc/amavisd.conf. If you commented out the other virus scanners in amavisd.conf, check the syntax carefully to ensure, for example, you didn't accidently comment out the closing );. I'm running Postfix, amavisd-new, SA, and Clam on Solaris, and had no trouble, maybe it's a Freebsd quirk. JohnV The clamd.log (debugged to the console) looks like: LibClamAV debug: Unpacking /tmp/74845765092f738c/COPYING LibClamAV debug: Unpacking /tmp/74845765092f738c/viruses.db2 LibClamAV debug: Loading databases from /tmp/74845765092f738c LibClamAV debug: Loading /tmp/74845765092f738c/viruses.db2 LibClamAV debug: set stacksize to 262144 LibClamAV debug: Stat()ing files in /usr/local/share/clamav LibClamAV debug: Stat()ing files in /usr/local/share/clamav and never adds to the last line - i.e., clamd doesn't take anything from amavisd. I am running Freebsd5.2, clamav-067-1and amavisd-new-20030616-p7. Thank you. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op,ick ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: MyDoom.G detected by clamscan but not by clamd
It seems clamd had not reloaded it's virus db since the last update, it now detects the virus fine after I restarted the daemon. Stuart. You might want to check the NotifyClamd option in your freshclam.conf. JohnV --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd and Amavis-new conflict?
I cant's see children of clamd, though - does this mean, that my messages load is too low? Try showing threads. On Solaris, it's ps -elL. On Linux, it's ps -elm. On FreeBSD, hmm, I can't find thread or light weight process in the ps man page. JohnV --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail devel?
If you are on an rpm based system (Mandrake, Fedora, etc), use: # rpm -qa | grep -i sendmail and look for a sendmail-devel package. If it's not there, you need to find one that matches your version of sendmail. If sendmail came with your linux distribution (assuming you are using linux) then look for the sendmail-devel rpm in the same place you got the distro from (your install CDs, ftp server, etc). BTW, *-devel rpms only contain the extra stuff you need for compiling, so don't remove sendmail when you install sendmail-devel. soapbox On the other hand, remove sendmail and install Postfix instead. Forget rpm, compile from source. Amavisd-new is a nice package to tie Postfix to ClamAV. /soapbox John On Friday 05 March 2004 12:20 pm, you wrote: How do I tell if I have sendmail-devel installed. the clamav milter tells me to ensure that it is there. I know I am using sendmail 8.12.5 but how do I know if its devel? which sendmail and which sendmail-devel show nothing. Eric --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam error in log file
Take out the square brackets on NotifyClamd [/etc/clamav.conf]. The square brackets signify that the filename is an optional argument, so if your clamav.conf is in the default location, you could just leave the arguement out entirely: # Send the RELOAD command to clamd. NotifyClamd JohnV On Thursday 04 March 2004 08:52 am, you wrote: Hi all, New to group, tried to search previous postings for this, read everything in the docs group. I've got freshclam updating every two hours, and it seems to work fine, with one small exception. After it successfully downloads an update, I get a line in the config file that says this: 'Error Can't parse configuration file.' This is right after the line 'Database updated (20381 signatures) from database.clamav.net (###.###.###.###).' I have checked and rechecked the permissions on both clamav.conf and freshclam.conf in the /etc dir and they are set g+wr u+wrx and the owner is clamav.clamav. What does this error mean? Do I have a syntax in my config file? And if so, which one? Here are both my config files, starting with clamav.conf: -- Start of clamav.conf--- ## ## Example config file for the Clam AV daemon ## Please read the clamav.conf(5) manual before editing this file. ## # Comment or remove the line below. # Uncomment this option to enable logging. # LogFile must be writable for the user running the daemon. # Full path is required. #LogFile /tmp/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). That's why you shouldn't uncomment # this option. #LogFileUnlock # Maximal size of the log file. Default is 1 Mb. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. #LogFileMaxSize 2M # Log time with an each message. #LogTime # Log also clean files. May be useful in debugging but will drastically # increase the log size. #LogClean # Use system logger (can work together with LogFile). #LogSyslog # Enable verbose logging. #LogVerbose # This option allows you to save the process identifier of the listening # daemon (main thread). PidFile /var/run/clamd.pid # Optional path to the global temporary directory. # Default is system specific - usually /var/tmp or /tmp. TemporaryDirectory /var/lib/clamav/tmp # Path to the database directory. # Default is the hardcoded directory (mostly /usr/local/share/clamav, # but it depends on installation options). DatabaseDirectory /var/lib/clamav # The daemon works in local or network mode. Currently the local mode is # recommended for security reasons. # Path to the local socket. The daemon doesn't change the mode of the # created file (portability reasons). You may want to create it in a directory # which is only accessible for a user running daemon. LocalSocket /tmp/clamd # Remove stale socket after unclean shutdown. FixStaleSocket # TCP port address. #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. #TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default is 15. #MaxConnectionQueueLength 30 # When activated, input stream (see STREAM command) will be saved to disk before # scanning - this allows scanning within archives. #StreamSaveToDisk # Close the connection if this limit is exceeded. #StreamMaxLength 10M # Maximal number of a threads running at the same time. # Default is 5, and it should be sufficient for a typical workstation. # You may need to increase threads number for a server machine. #MaxThreads 10 # Thread (scanner - single task) will be stopped after this time (seconds). # Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the # timeout instead of disabling it. #ThreadTimeout 500 # Maximal depth the directories are scanned at. MaxDirectoryRecursion 15 # Follow a directory symlinks. # SECURITY HINT: You should have enabled directory recursion limit to # avoid potential problems. FollowDirectorySymlinks # Follow regular file symlinks. FollowFileSymlinks # Do internal checks (eg. check the integrity of the database structures) # By default clamd checks itself every 3600 seconds (1 hour). SelfCheck 600 # Execute a command when virus is found. In the command string %v and %f will # be replaced by the virus name and the infected file name respectively. # # SECURITY WARNING: Make sure the virus event command cannot be exploited, # eg. by using some
Re: [Clamav-users] Freshclam Error messages
Even though you are running as root, freshclam drops privileges to user clamav. Therefore, user clamav must be able able to write to Clam's data directory, which is at $PREFIX/share/clamav. It should look something like this: # ls -l /opt/clamav/share/clamav -rw-r--r-- 1 clamav clamav 32727 Mar 4 09:19 daily.cvd -rw-r--r-- 1 clamav clamav 944351 Feb 29 12:38 main.cvd See also the --datadir and --user options in freshclam.conf. The Security warning means you didn't have the Gnu MP library when you compiled freshclam; it's optional but highly recommended. Get it from http://www.gnu.org/software/gmp/. JohnV On Thursday 04 March 2004 09:56 am, you wrote: When I try to run freshclam on a Solaris 8 SPARC I get the following errors. nemo# freshclam ClamAV update process started at Thu Mar 4 10:37:56 2004 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES Reading CVD header (main.cvd): OK ERROR: Can't open new file ./fe2c2591272a5315 to write open: Permission denied ERROR: Can't download main.cvd from 210.22.201.152 Waiting 10 seconds... ClamAV update process started at Thu Mar 4 10:38:07 2004 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES Reading CVD header (main.cvd): OK ERROR: Can't open new file ./d83a9adaea65e446 to write open: Permission denied ERROR: Can't download main.cvd from 210.22.201.152 Waiting 10 seconds... ClamAV update process started at Thu Mar 4 10:38:18 2004 SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES Reading CVD header (main.cvd): OK ERROR: Can't open new file ./068506789e044f1f to write open: Permission denied ERROR: Can't download main.cvd from 210.22.201.152 Waiting 10 seconds... What did I miss? Thanks, Steve Plemmons [EMAIL PROTECTED] --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] email report
clamav sends an email to... Nobody. That's the job of your MTA and filter package. I'm using postfix and amavis-new, what are you using? You can likely just change the line for postmaster in /etc/aliases, and run newaliases. JohnV -Original Message- From: Raul Elizondo [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 3:14 PM To: [EMAIL PROTECTED] Subject: [Clamav-users] email report Hi, Quick question. By default, clamav sends an email to the sender, receiver and the postmaster. How do i change the [EMAIL PROTECTED] to another address? Thanks -=Raul=- --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users