Re: [clamav-users] feedback on Installing ClamAV instructions

[Peter Bonivart]

On Mon, Nov 28, 2016 at 6:56 PM, Joel Esler (jesler)  wrote:
> There are a number of package maintainers for ClamAV on Solaris. The 
> installation method differs for each.
>
> I tried to figure out what this was saying a couple of times.
> I've decided that it's trying to say that there are a couple of
> competing packagings of ClamAV for Solaris. (Initially I thought it
> was trying to say that there are multiple package management systems
> for Solaris.)
>
> Assuming I'm right, it would be better to say "Multiple groups have
> packaged ClamAV for Solaris."
> OTOH, if it's trying to talk about competing package management
> systems, then, something like "There are a number of package
> management systems for Solaris, and thus packages of ClamAV."
>
> Would you like to download the latest virus pattern definitions during 
> installation ? (This requires that you have a direct connection to the 
> Internet. If you are behind a proxy server then skip this step.)
>
> It feels like this is missing a section heading. (perhaps it should be
> inside the block below?)
> There's also something odd with the *space* before the `?`
>
> The block itself /feels/ like output from one of the package
> management systems, if so, it probably should identify which one...

I think that the long (Solaris) install output is from Andy's packages
he produced for Citrus IT. I'm not sure they are available any more,
the output shows ClamAV 0.92 and I can't find anything about it on
Citrus IT's web site. If this section can't be verified I think it's
better to remove it since it doesn't help Solaris users, there's not
even a link there.

The section about OpenCSW is current though (I'm the maintainer).
We're at 0.99.2.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] CentOS 7 EPEL Packages

[Peter Bonivart]

On Fri, Jan 15, 2016 at 10:33 PM, Walter H.  wrote:
> that sounds quite surprising to me; as I did this with the EPEL repository
> but with CentOS 6
> and had no problems;

Even though it's the same guy packaging ClamAV for both CentOS 6 & 7
he's gone crazy splitting it for 7 and it's not a good experience
using it anymore.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] CentOS 7 EPEL Packages

[Peter Bonivart]

On Fri, Jan 15, 2016 at 10:54 PM, John Zimmerman  wrote:
> Yeah.  I'm not sure I mind it being split, but there seems to be
> inconsistencies, missing config files, wrong username, bad or no systemd
> files etc
>
> Working off of this right now:
> http://linux-audit.com/install-clamav-on-centos-7-using-freshclam/  so I
> can update a puppet module to make this work appropriately on CentOS 7.

Wish I had that link when I fought it a couple of months back.

> Not sure if it was appropriate to do, but I put a bug report into RedHat's
> bugzilla for EPEL as well:
> https://bugzilla.redhat.com/show_bug.cgi?id=1299072

I think it's the right thing to do. If I remember correctly it worked
out of the box for CentOS 6 and now it's a mess for 7.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Interesting report from clamscan after adding new database

[Peter Bonivart]

On Thu, Oct 15, 2015 at 5:55 PM, Gene Heskett  wrote:
>> http://sanesecurity.co.uk/foxhole-databases/
>
> Unfortunatly, nothing seems to be linked, the only thing I can save is
> the web page itself with either iceweasel or chromium.  And I did enable
> cookies, in chromium, to no avail.

That's just a page describing that particular set of signatures.
Click the Usage-menu above to get scripts to download any signatures
you want. Freshclam can't download these for you.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] 0.98.5 installation error

[Peter Bonivart]

On Wed, Nov 19, 2014 at 10:54 AM, nikos ni...@qbit.gr wrote:
 ERROR: This tool requires libclamav with functionality level 79 or
 higher (current f-level: 77)

Maybe you have multiple libclamav's on your system and it links with
the old one?
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Version 0.98.3 fails on Solaris

[Peter Bonivart]

On Thu, May 8, 2014 at 5:23 PM, Shawn Webb sw...@sourcefire.com wrote:
 I can install Solaris on this sparc64 machine as early as next week.

OpenCSW provides a complete Solaris build farm if you're interested,
we used to host automatic builds for ClamAV before Sourcefire aquired
it.

http://www.opencsw.org/extend-it/signup/to-upstream-maintainers/
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Freshclam error when trying to write to log file

[Peter Bonivart]

On Mon, Jun 3, 2013 at 1:57 PM, Wietse Jorissen
wietse.joris...@gmail.com wrote:
 -rw-r--r--. 1 clam   clam   0 jun  2 03:50 clamd.log
 -rw-r--r--. 1 clamav clamav 59314 mei 12 03:13 clamd.log-20130512
 -rw-r--r--. 1 clamav clamav 59926 mei 19 04:41 clamd.log-20130519
 -rw-r--r--. 1 clamav clamav 40383 mei 24 16:43 clamd.log-20130526
 -rw-r--r--. 1 clamav clamav  3295 mei 29 11:17 clamd.log-20130602
 -rw-r--r--. 1 clam   clam   0 jun  2 03:50 freshclam.log
 -rw-r--r--. 1 clamav clamav  6006 mei 12 03:13 freshclam.log-20130512
 -rw-r--r--. 1 clamav clamav  5940 mei 19 04:41 freshclam.log-20130519
 -rw-r--r--. 1 clamav clamav  3733 mei 26 03:50 freshclam.log-20130526
 -rw-r--r--. 1 clamav clamav  6274 jun  2 03:50 freshclam.log-20130602

You have the classic mess of ClamAV from two sources, one using clam
as the user and the other clamav. You need to sort out which packages
you want to use, remove the others and stick with it.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] Freshclam updates failing

[Peter Bonivart]

On Tue, Jun 25, 2013 at 5:19 PM, Denis McMahon denismfmcma...@gmail.com wrote:
 So the issue is that apparmor is blocking freshclam?

 After adding:

   /etc/resolv.conf r,
   /etc/network/nameservers r,

 in:

 /etc/apparmor.d/local/usr.bin.freshclam

 freshclam updated fine!

I asked you a few days ago SELinux or similar?...
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Freshclam updates failing

[Peter Bonivart]

On Sat, Jun 22, 2013 at 2:55 PM, TR Shaw ts...@oitc.com wrote:

 On Jun 22, 2013, at 8:52 AM, Denis McMahon wrote:

 On 22/06/13 04:10, Dennis Peterson wrote:
 On 6/21/13 5:45 AM, Denis McMahon wrote:

 appear to suggest that my dns is fine (these are included in the log). I
 have another machine on the LAN which updates fine.

 What do you get if you run freshclam --list-mirrors ?

 $ sudo freshclam --list-mirrors
 Can't read mirrors.dat
 $


 Permissions?

SELinux or similar?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] GTUBE message detection

[Peter Bonivart]

On Wed, Apr 10, 2013 at 9:54 AM, Paul Whelan paul...@blakecomp.co.uk wrote:

 On 9 Apr 2013 at 11:12, Steve Basford wrote:

 Hi All,

 Couple of updates..

 I've just check end the Sanesecurity.TestSig.GTUBE signature name had
 accidentally been renamed to Sanesecurity.TestSig.10616

 I have, however, removed the checks for GTUBE, so at least ClamAV and
 Third-Party sigs are now consistent.

 Given that a large proportion of the Sanesecurity sigs detect spam, phishing, 
 and other junk
 mail (and folks use them as such), wouldn't it be useful to include a 
 standard spam test
 signature by default?

It seems to be very controversial if ClamAV should include signatures
for other things than classic malware. Why not have some kind of
classification of the signatures and let us control what we download
via Freshclam?

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] New Version of ClamAV

[Peter Bonivart]

On Wed, Mar 20, 2013 at 6:42 PM, Robert Lopez rlopez...@gmail.com wrote:
 Bot net member identification and blocking.
 Block email from spoofed in-our-domain-sender sent from outside our domain
 when it is equal to one of list of recipients.

Why do you want this in ClamAV when other tools like RBLs and
SpamAssassin already can do the above?

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] False Positive - Osx.Exploit.Iosjailbreak

[Peter Bonivart]

On Sat, Feb 16, 2013 at 1:29 AM, Tilman Schmidt
t.schm...@phoenixsoftware.de wrote:
 Am 14.02.2013 14:17, schrieb Daniel McDonald:
 But for the majority of us, It's not just potentially unwanted, it is simply
 unwanted.  If I had wanted an open phone, I would have bought an Android.

 That does of course heavily depend on your definition of us.
 I take it that it doesn't include me or anyone in my virtual
 vicinity. :-)

 IOW, please don't claim you represent the majority without
 substantiation.

Since jailbreakers are way below 50%, probably less than 5%, I think
he's clearly right claiming to belong to a majority.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Solaris 10 UFS Support?

[Peter Bonivart]

On Wed, Jan 23, 2013 at 11:59 AM, Joseph, Matthew (EXP)
matthew.jos...@lmco.com wrote:
 Hello,

 Does anyone know if ClamAV supports the UFS File system?

As far as I know it doesn't operate on that level so if it runs on a
certain OS it supports any file system that OS supports, if you can
mount it ClamAV can scan it. And it does run on Solaris.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] DLP scan configuration using clamscan

[Peter Bonivart]

On Sun, Sep 23, 2012 at 5:55 PM, Fredrich Maney fredrichma...@gmail.com wrote:
 Is there a better way to do this that I'm overlooking?

Using clamDscan?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] [Clamav-announce] Announcing ClamAV 0.97.6

[Peter Bonivart]

On Mon, Sep 17, 2012 at 9:28 PM, Joel Esler jes...@sourcefire.com wrote:
 Dear ClamAV users,

 ClamAV 0.97.6 includes minor bug fixes and detection improvements.

Wasn't bug 5252 important enough to warrant a minor release? Lots of
us had to run patched versions and looking at the change log you fixed
a bunch of stuff including 5252 in a couple of weeks after 0.97.5 and
then nothing happened for two months when you fixed another bug and
made a release. How you just went quiet in the bug notes while so many
had big problems makes me wonder how this project is managed nowadays.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Compiling and installing from an NFS mount

[Peter Bonivart]

On Wed, Mar 14, 2012 at 6:14 PM, Forrest Aldrich for...@gmail.com wrote:
 There you go making life difficult for yourself again.  Why not set up
 your own ClamAV database mirror?

 I'm not sure how to do this; however, we have only about 4 or 5 machines
 that poll for virus updates.   And the mirror would be private (not publicly
 accessible).

Just run freshclam on a machine having a web server on it. Then point
freshclam on your scanning machines to that machine.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Untit Testing

[Peter Bonivart]

On Mon, Feb 6, 2012 at 8:39 PM, Reynolds, David C.
david.c.reyno...@saic.com wrote:
 I've recently installed .97.3 on an SGI Origin 3000 running TRIX v6.5.28 
 using gcc 3.2.1. (I did need to make some source file modifications).   I was 
 able to run clamscan against a directory seemingly without error.

 However, I would like to run some tests which would indicate catching an 
 infected file without actually putting an infected file on our system.  This 
 is a totally Trusted Irix environment.

 I've had problems trying to build the check package as recommended in the 
 ClamAV documentation in this IRIXS environment.  Any suggestions as to how 
 run some unit tests that would indicate that an infected file would actually 
 be found?

Use eicar, the test virus:

http://eicar.org/86-0-Intended-use.html

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Lightweight version of clamav

[Peter Bonivart]

On Mon, Nov 21, 2011 at 11:28 PM, Shobana Narayanaswamy
snar...@opnet.com wrote:
 Hi:

 I want to run ClamAV on a FreeBSD based appliance. However, it appears to
 have a performance impact that is significant (cpu/mem).
 Is there a lightweight version? Or can I possibly limit the virus
 definitions to only FreeBSD related and exclude the windows definitions - so
 it does
 not have to read the entire definitions file for each check?

I assume you're running clamscan, it has a horrible startup time. Try
running clamd, it will load the virus db once, then you use clamdscan
instead of clamscan as a client. Much faster.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Obfuscated IP address.

[Peter Bonivart]

On Mon, Sep 19, 2011 at 6:46 PM, Bernd Petrovitsch
be...@petrovitsch.priv.at wrote:
 That's the whole problem as both are legal and correct (as in
 RFC-compliant) form.
 And you want to flag it as spam?

Regardless of form I would call it spam since I've never seen legit
numeric links. I've had my own SA rule for the common form for a long
time now and it has served me well, I will probably expand that to
include this form.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] announcing ClamAV 0.97.1

[Peter Bonivart]

On Thu, Jun 9, 2011 at 5:12 PM, Christopher X. Candreva
ch...@westnet.com wrote:
 On Thu, 9 Jun 2011, Luca Gibelli wrote:


 Dear ClamAV users,


 This is a bugfix release recommended for all users. Please refer to the
 ChangeLog file for details.

 Download : http://downloads.sourceforge.net/clamav/clamav-0.97.1.tar.gz

 FYI to any Solaris users, my compile failed on Solaris 10 x86, gcc 4.6.0

It compiled fine with Sun Studio on 5.9/10 sparc/i386. Packages available here:

http://buildfarm.opencsw.org/experimental.html#bonivart

 I've opened ticket 2921
 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2921

I can't access that.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] clamd abending

[Peter Bonivart]

On Mon, Apr 4, 2011 at 6:26 AM, David Alix david.a...@isc.ucsb.edu wrote:
 I'm running clamav 0.97/12943 on Solaris 9.  Twice today, clamd has abended.
  I can find no error message in the log files indicating the problem.  Is
 anyone else seeing this, or have any suggestions on how to troubleshoot
 this?

You could give this package a try: http://www.opencsw.org/packages/CSWclamav/

Here's how to install if you're not already an OpenCSW user:
http://www.opencsw.org/get-it/pkgutil/

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Database reload improvement

[Peter Bonivart]

On Fri, Mar 11, 2011 at 2:03 PM, aCaB aca...@digitalfuture.it wrote:
 On 03/10/11 20:58, Peter Bonivart wrote:
 You could give our ClamAV package a try:

 http://www.opencsw.org/packages/CSWclamav/

 Guys,
 Anybody tried?

 I'd be very interested in hearing the results.

I have obviously tried my own packages ;) and if timestamps from
clamd.log are to be trusted it's 3 seconds every time:

Thu Mar 10 11:16:42 2011 - Reading databases from /var/opt/csw/clamav/db
Thu Mar 10 11:16:45 2011 - Database correctly reloaded (915866 signatures)

Thu Mar 10 15:21:45 2011 - Reading databases from /var/opt/csw/clamav/db
Thu Mar 10 15:21:48 2011 - Database correctly reloaded (915861 signatures)

Thu Mar 10 17:45:25 2011 - Reading databases from /var/opt/csw/clamav/db
Thu Mar 10 17:45:28 2011 - Database correctly reloaded (915985 signatures)

Thu Mar 10 21:46:11 2011 - Reading databases from /var/opt/csw/clamav/db
Thu Mar 10 21:46:14 2011 - Database correctly reloaded (916108 signatures)

Fri Mar 11 03:24:49 2011 - Reading databases from /var/opt/csw/clamav/db
Fri Mar 11 03:24:52 2011 - Database correctly reloaded (916124 signatures)

I also looked at a couple of servers where the hardware is 3-4 years
old and they took 5-7 seconds to reload. But they have a high load
from all mail related services they do, probably they could shave off
a second or two if tested separately.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Database reload improvement

[Peter Bonivart]

On Fri, Mar 11, 2011 at 2:07 PM, Martin Preen
pr...@informatik.uni-freiburg.de wrote:
 Sorry, but currently I can't use these package on that
 system (because of the library/package/path dependencies).

Not sure what you mean here? Everything from OpenCSW installs
separately from the rest of Solaris and doesn't affect it all, you
could very well install our ClamAV package and test it on the same
system where you have your own.

You just install pkgutil as a package manager and it will then pull in
ClamAV and all dependencies with one command (pkgutil -i clamav).
Think apt-get/yum.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Database reload improvement

[Peter Bonivart]

On Thu, Mar 10, 2011 at 8:52 PM, Martin Preen
pr...@informatik.uni-freiburg.de wrote:
 Platform information
 
 uname: solaris2.10
 OS: solaris2.10, ARCH: sparc, CPU: sparc
 Full OS version:                        Solaris 10 1/06 s10s_u1wos_19a SPARC
 zlib version: 1.1.4 (1.1.4)
 platform id: 0x0e663c3c14000580

 Build information
 -
 Sun studio: (0.5.128)
 CPPFLAGS: -I/opt/bzip2/include
 CFLAGS: -g
 CXXFLAGS:
 LDFLAGS:
 Configure: '--prefix=/opt/clamav' '--sysconfdir=/etc'
 '--datadir=/var/clamav' '--enable-bigstack' '--disable-rpath'
 '--with-dbdir=/var/clamav' '--with-user=nobody' '--with-group=nogroup'
 '--with-libncurses-prefix=/opt/sfw' '--with-libbz2-prefix=/opt/bzip2'
 --enable-ltdl-convenience
 sizeof(void*) = 4
 Engine flevel: 60, dconf: 60

You could give our ClamAV package a try:

http://www.opencsw.org/packages/CSWclamav/

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] daily database broken again

[Peter Bonivart]

On Sat, Mar 5, 2011 at 11:11 PM, Dennis Peterson denni...@inetnw.com wrote:
 Though there is no free VM tool for Mac - Fusion is dirt cheap.

VirtualBox is free and runs on Mac, it can even host Mac vm's.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] 0.96.5 compilation problem on Solaris 10

[Peter Bonivart]

On Wed, Dec 8, 2010 at 6:08 PM, Armitage, Jon jon.armit...@bskyb.com wrote:
 Edwin, I hope this makes sense to you, I'm a sysadmin, not a programmer, so 
 I'm not sure what the differences mean.

If you want to avoid the hassle you can use pre-built binary packages
from OpenCSW. We have ClamAV in our repository including it's
dependencies. Note that we for the moment only have 0.96.4 since
0.96.5 is in testing, soon to be released.

Basically you just do pkgutil -i clamav to install it.

More info here:

OpenCSW: http://www.opencsw.org/
Install pkgutil: http://www.opencsw.org/get-it/pkgutil/
ClamAV package page: http://www.opencsw.org/packages/CSWclamav/
0.96.5 test package: http://buildfarm.opencsw.org/experimental.html#bonivart

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)

[Peter Bonivart]

On Mon, Nov 22, 2010 at 3:12 PM, Tomasz Kojm tk...@clamav.net wrote:
 You can help by testing (or just running ./configure  make check) the
 latest code available in our Git repository - the latest snapshot
 tarball can be grabbed here:

 http://git.clamav.net/gitweb?p=clamav-devel.git;a=snapshot;h=refs/heads/master;sf=tgz

I got this on Solaris 10 i386 using the latest development tarball
http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz (which I
assume is pretty much the same as the link above?).

configure: Summary of detected features follows
  OS  : solaris2.10
  pthreads: yes (-lpthread)
configure: Summary of miscellaneous  features
  check   : no (auto)
  clamuko : yes
  fdpassing   : 1
  IPv6: yes
configure: Summary of optional tools
  clamdtop: -L/opt/csw/lib -lncurses -R/opt/csw/lib
  milter  : yes
configure: Summary of engine performance features)
  release mode: yes
  jit : no (auto)
  mempool : yes
configure: Summary of engine detection features
  autoit_ea06 : yes
  bzip2   : ok
  zlib: /usr
  unrar   : yes
[configure-modulated] complete for clamav.

...

SKIP: check_clamav
PASS: check_freshclam.sh
PASS: check_sigtool.sh
SKIP: check_unit_vg.sh
PASS: check1_clamscan.sh
PASS: check2_clamd.sh
PASS: check3_clamd.sh
PASS: check4_clamd.sh
SKIP: check5_clamd_vg.sh
SKIP: check6_clamd_vg.sh
SKIP: check7_clamd_hg.sh
SKIP: check8_clamd_hg.sh
SKIP: check9_clamscan_vg.sh
==
All 6 tests passed
(7 tests were not run)
==

r...@sol10[trunk]# freshclam -V
ClamAV devel-csw-0.96.5/12307/Tue Nov 23 12:13:30 2010

r...@sol10[trunk]# clamdscan /root/eicar/*
/root/eicar/eicar.com: Eicar-Test-Signature FOUND
/root/eicar/eicar.com.txt: Eicar-Test-Signature FOUND
/root/eicar/eicar_com.zip: Eicar-Test-Signature FOUND
/root/eicar/eicarcom2.zip: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Infected files: 4
Time: 0.038 sec (0 m 0 s)


/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] safe_clamd

[Peter Bonivart]

On Thu, Oct 14, 2010 at 1:05 PM, Luca Gibelli l...@clamav.net wrote:
 Hello,

 starting from the 0.96.2 release, our source tarball includes a script to
 automatically restart clamd in case the daemon crashes.

In Solaris, we use SMF (Service Management Facility). It keeps state
of services regardless of patching, reboots or processes dying, if you
want a service enabled/disabled it will try to keep it that way. Every
service also gets its own log file.

Only reason for me to use your script would be with Solaris 9 or older
which didn't have SMF.

/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Some questions about clamav update

[Peter Bonivart]

On Tue, Jul 6, 2010 at 9:32 PM, JD jd1...@gmail.com wrote:
 All in all, these packages are just not ready for the non-techie user!!

So complain to the packager then.

-- 
/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Peter Bonivart]

On Wed, Apr 21, 2010 at 10:39 PM, Christopher X. Candreva
ch...@westnet.com wrote:
 IMHO, open source projects don't have a business side.

 Opensource projects exist for the developers to get the software they need,
 faster, through colaboration with others. If anyone else finds it usefull
 that's an added bonus. But if no one other than the devs use it themselves,
 the project has fullfilled it's purpose.

 Adding business value is the job of the distros, or Apple if they include
 it, or myself as an ISP. That's why I said before I think the real let-down
 here are the distros that didn't do anything about it.

 Extreme ? Maybe, but that's why I use open-source, for getting best of
 breed, newest, breaking with history when needed.

Well put. Luckily I read your post just before having to mute yet
another endless thread on this list.

-- 
/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] You have been unsubscribed from the clamav-users mailing list

[Peter Bonivart]

On Mon, Apr 19, 2010 at 10:13 AM, Giampaolo Tomassoni
giampa...@tomassoni.biz wrote:
 Forcefully unsubscribing people is not a fair way to silence them. Not even
 explaining why is even worse.

...on the other hand the description of this mailing list is
obtaining support for UNIX platforms. In my mind you have no
interest in receiving or delivering support.

Please let the complaining end now. Let's get back to the support this
list used to be about. The last couple of days the volume has been 10
times the normal amount and of no interest to me.

-- 
/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] You have been unsubscribed from the clamav-users mailing list

[Peter Bonivart]

On Mon, Apr 19, 2010 at 10:49 AM, Jeroen Ticheler
jeroen.tiche...@geocat.net wrote:
 Hi Peter,
 Although I don't agree with aggressive emails, I do myself have serious 
 problems that started on exactly the 15th. Since then my mail server has 
 become completely unreliable and an upgrade to 0.95.3 has not resolved my 
 problems yet. I notice I am not the only person that has a problem with the 
 EOL and I can understand a strong traffic increase because of this. Maybe 
 more care had to be taken with regards to this EOL change...

I sincerely hope you receive the support you need, that's what the list is for.

-- 
/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Re: Centralized Linux Antivirus server for Windows XP Clients

[Peter Bonivart]

Raja Muhammad Hammad wrote:

does ClamAV support the given scenario?


You don't need any extra software to do that. Just install Clam on all 
machines. On the master server you update from official internet 
mirrors. On the slave servers you update from the master server running 
Apache and the workstations update from the slave servers, also running 
Apache of course.


--
/Peter Bonivart

--Unix lovers do it in the Sun
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Exploit.W32.MS05-002 False Positives

[Peter Bonivart]

jef moskot wrote:
On Wed, 9 Feb 2005, Maxim Britov wrote:
P900\Beyonce Knowles - Crazy In Love (2).wav: Exploit.W32.MS05-002 FOUND
I don't know, but size is ~50-100KB.
If they're tiny files, are you sure they're actually wavs?
My guess is they are ring signals for the Sony Ericsson P900 mobile phone.
--
/Peter Bonivart
--Unix lovers do it in the Sun
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Requesting Recommendations (clamav, amavis, spamassassin, sendmail, procmail, etc)

[Peter Bonivart]

Robin Lynn Frank wrote:
Peter Bonivart wrote:

 Grow up. I gave pertinent, and truthful, advice to the question, 
that is
all.

To quote your earlier post:
There's plenty of happy Postfix users running MailScanner, the Postfix
author doesn't like the way MailScanner interacts with its queues and
Postfix users who do not use MailScanner are quick to judge. Anyway, if
you don't have a very good reason for using Postfix, stay with Sendmail
since it's faster than Postfix with MailScanner. It has to do with
Postfix using only one queue file per message and MailScanner having to
rewrite the whole file. 
1.  The author of postfix has described in detail, how the manner in
which mailscanner manipulates the queue can result in loss of mail.  Yes
there are postfix users who like mailscanner and will continue to like
it...until the first time they lose meail.
2.  Reason to use postfix over sendmail?  Compare vulnerability histories.
Pertinent information?  Maybe, but biased and completely overlooking
security and technical issues.
At least keep your quotes straight. Matt wrote the part about pertinent 
information, not me! For the rest of it, post on the MailScanner list if 
you want to discuss it with Postfix users, I didn't even recommend using 
Postfix here so we should agree on that even if your feelings were hurt.


You gave a short warning that is proven wrong by many happy users, if
you call that all the fancy things above it's your choice. You have a
very short fuse Matt.
Matt is very laid back compared to me.
Yes, you're even more of a jackass. Write me offlist if you have a 
problem since this is off topic on this list.

--
Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website:   http://www.paradigm-omega.com/
RSS:   http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://paradigm-omega.net/cgi-bin/custmail.cgi
=
In a perfect world there would be no random taglines.

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

--
/Peter Bonivart
--Unix lovers do it in the Sun
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Requesting Recommendations (clamav, amavis, spamassassin, sendmail, procmail, etc)

[Peter Bonivart]

Matt wrote:
 I never said there weren't. Working, however, and working reliably in a
consistent and permanent fashion, are completely seperate things.
 I have no dislike of MailScanner, but to recommend it to someone to
use with a certain MTA when it is known to run the risk of
losing|corrupting email with that MTA, however remote the chance, is
stupidity and borderline negligent.
I didn't recommend Postfix, I recommended Sendmail so I won't bother to 
answer your other remarks.

 Anyhow, back to my original point to the Lady who asked, MailScanner is
perfectly happy with any other MTA. Amavis should work with any MTA. You
also have Xamime, which will work with all except Qmail, as far as I know.
Thanks for telling me even though I didn't ask.
 Anyhow, since you were the first one to do the handbag swinging, who has
a certain software combination fetish and is the one being jugdemental?
Handbag swinging? I didn't even reply to your post, but to hers so who's 
trying to pick a fight here? Out of the software she herself mentioned I 
think Sendmail and MailScanner makes the better pair but that doesn't 
mean I have a fetish for that combo. About being judgemental, that 
Postfix is the slowest MTA when used with MailScanner is well tested, 
much more so than the reliability problems. I also tried to explain why 
that is so, just so that I wouldn't come across judgemental and 
anti-Postfix which I'm not.

 And as for being a Postfix user, I am also an Exim and a Sendmail
user.
Ok, but I still didn't reply to your post so I'm not sure what that 
information is for.

 Grow up. I gave pertinent, and truthful, advice to the question, that is
all.
You gave a short warning that is proven wrong by many happy users, if 
you call that all the fancy things above it's your choice. You have a 
very short fuse Matt.

--
/Peter Bonivart
--Unix lovers do it in the Sun
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Requesting Recommendations (clamav, amavis, spamassassin, sendmail, procmail, etc)

[Peter Bonivart]

Diane Rolland wrote:
Ken  Matt; Thanks for the tips; this was exactly what I was looking for!!!
MailScanner looks Extremely promising! (And it was a breeze to install).
I think I'll still be ablt to use ProcMail for the business mail rules.
Make sure to subscribe to the MailScanner list also, you can find it on 
the web site, it's a very friendly list where people ask questions about 
pretty much everything concerning a mail server.

There's plenty of happy Postfix users running MailScanner, the Postfix 
author doesn't like the way MailScanner interacts with its queues and 
Postfix users who do not use MailScanner are quick to judge. Anyway, if 
you don't have a very good reason for using Postfix, stay with Sendmail 
since it's faster than Postfix with MailScanner. It has to do with 
Postfix using only one queue file per message and MailScanner having to 
rewrite the whole file.

The ruleset feature in MailScanner is very powerful and might save you 
from using procmail.

Almost every user of MailScanner also uses Clam so you will find your 
setup well supported.

--
/Peter Bonivart
--Unix lovers do it in the Sun
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] DNS behind a firewall

[Peter Bonivart]

Sakshale eQuorian wrote:
Correct - That was before I updated.  I was simply showing that the 
proxy updates were working
at that time.  However, not that I've updated I get the error listed above;
   ERROR: Can't query current.cvd.clamav.net
OK, what do you get when you issue freshclam -v? This is mine, note that 
I use a proxy too.

# freshclam -v
Current working dir is /usr/local/share/clamav
Max retries == 3
ClamAV update process started at Thu Nov 11 14:09:46 2004
TTL: 900
main.cvd version from DNS: 27
Software version from DNS: 0.80
Connecting via proxy.xxx.xx
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: 
tomek)
TTL: 900
daily.cvd version from DNS: 585
Connecting via proxy.xxx.xx
daily.cvd is up to date (version: 585, sigs: 2485, f-level: 3, builder: 
trog)
Freeing option list...done

--
/Peter Bonivart
--Unix lovers do it in the Sun
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] DNS behind a firewall

[Peter Bonivart]

Sakshale eQuorian wrote:
I was running 7.0 without any problems.
I updated to 8.0, but it appears that the new DNS functions;
   DatabaseMirror database.clamav.net
   DNSDatabaseInfo current.cvd.clamav.net
don't work with the proxy routines.
--
freshclam daemon 0.80 (OS: solaris2.9, ARCH: sparc, CPU: sparc)
ClamAV update process started at Wed Nov 10 13:50:18 2004
ERROR: Can't query current.cvd.clamav.net
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
ERROR: Can't query current.cvd.clamav.net
daily.cvd is up to date (version: 584, sigs: 2477, f-level: 3, builder: trog)
--
I have the following fields defined in the freshclam configuration file:
# Proxy settings
HTTPProxyServer proxy.example.com
HTTPProxyPort 8080
HTTPProxyUsername username
HTTPProxyPassword password
--
These worked for getting updates with 7.0;
--
Received signal 14, wake up
ClamAV update process started at Tue Nov  9 20:36:18 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
daily.cvd updated (version: 582, sigs: 2467, f-level: 3, builder: ccordes)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
Database updated (26449 signatures) from database.clamav.net.
Clamd successfully notified about the update.
--
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Looks like you're running an older version than you think you are, 
otherwise you shouldn't get:

WARNING: Your ClamAV installation is OUTDATED - please update immediately !
Check for multiple installations at different locations. Did 0.80 
install in a different place than 0.70?

By the way, it's version 0.70 and 0.80, not 7.0 and 8.0.
--
/Peter Bonivart
--Unix lovers do it in the Sun
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Notification E-mail

[Peter Bonivart]

Jonathan Pitcher wrote:
Is it possible to send a message onto the user that they had an e-mail
blocked?  Or to an admin stating that [EMAIL PROTECTED] had a virus sent to
them?
http://www.mailscanner.info
--
/Peter Bonivart
--Unix lovers do it in the Sun
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Scan time limits?

[Peter Bonivart]

Sean Hafeez wrote:
I have a 384k line and someone is trying to send me a 100mb pdf. Can I 
set the time line higher or set it to just let the file thru?
Mail wasn't meant for file transfer and certainly not for those sizes. 
Have them put the file on a web server so you can download it from there.

--
/Peter Bonivart
--Unix lovers do it in the Sun
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam wont work

[Peter Bonivart]

david thompson wrote:
If you type echo $PATH you will see that the search path is not the 
same for you as an ordinary user and you as super user. 
I typed echo $path and got a blank.
That's why I wrote PATH, with caps, not path.
# echo $path
# echo $PATH
/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin
--
/Peter Bonivart
--Unix lovers do it in the Sun
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam wont work

[Peter Bonivart]

david thompson wrote:
I typed the correct echo...  and got
linux:/home/david # echo $PATH
/usr/sbin:/bin:/usr/bin:/sbin:/usr/X11R6/bin
Do I need to change or move the freshclam to /usr/bin or can I add to 
the above 'echo $PATH'?

If I can add to the $PATH how is this done?
If you compare that with my search path you see that you lack 
/usr/local/bin and that's why you can't start freshclam by just typing 
freshclam alone. Type the complete path and the problem is solved. You 
should run freshclam from cron anyway. Type man crontab to learn more 
about that.

This really has nothing to do with Clam since it seems to work for you. 
You need to bump up your Unix skills a couple of notches. There's plenty 
of online material that help with this kind of stuff.

--
/Peter Bonivart
--Unix lovers do it in the Sun
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Some help for a newbie regarding configuration files

[Peter Bonivart]

Dana Millaway wrote:
Many thanks to those who responded my question on and off-list.  I seem to
have gotten the right file edited although I cannot be positive until I see
some of my normal mail from TechRepublic that was getting snagged.  I stand
corrected as to our anti-spam package.  We are running MailScanner that only
pulls in SpamAssassin if the sender is on 2 or more RBL's, if I have
interpreted the MailScanner.conf file correctly.  The section that had the
HTML Forms was in the Anti-virus setting portion but that appears to be the
only place I needed to tweak.  There were a lot of new options added to this
version of ClamAV compared to the version we were running.  
Have you asked on the MS list? You seem a little confused about how MS 
and Clam works together. Ask on that list instead, almost every MS user 
also uses Clam so you will get better help for your setup I think.

--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.64 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam wont work

[Peter Bonivart]

david thompson wrote:
I have just installed clamav-0.75 on SuSE 9.
I have tested it by scanning the clamav-0.75 dir, and it found the test 
viruses-everything seemed ok.  This was until I I su'd and typed freshclam.

Bash reports that the command freshclam cannot be found.
Freshclam is found when run as ordinary user, but of cause you cant 
update like this.
If you type echo $PATH you will see that the search path is not the 
same for you as an ordinary user and you as super user.

Find the freshclam binary by using locate freshclam or this:
# rpm -qa | grep clam
clamav-0.75.1-1mdk
# rpm -ql clamav-0.75.1-1mdk | grep freshclam
/usr/bin/freshclam
Note that you might have several different Clam packages and they may be 
named differently on your system, mine is Mandrake.

--
/Peter Bonivart
--Unix lovers do it in the Sun
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Idea for more timely virusdb updates

[Peter Bonivart]

Jeremy Kitchen wrote:
or scrap the whole idea all together :)
Maybe the best thing written on the subject today! ;-) j/k
But really, what's the problem? Shouldn't big time folks complain to 
the commercial companies to whom they pay for service and still they got 
updates later than Clam? Instead hundreds of mails are written here with 
one solution more far out than the other.

Please, I *think* you might have caught the attention of the developers 
by now so please let them think about this for a moment. They still beat 
everyone else so I just want to say thank you. Everything works great! 
In combination with MailScanner which checks inside zip files and blocks 
executables I stopped all the viruses even before Clam was updated. From 
what I have seen from reading this list for some time many of you seem 
to rely to heavily on too few layers of protections. Maybe that's why 
you must have the updates immediately with no regard to server load or 
maybe I missed the solution that took care of that one too in the flood 
of mail. Premium servers for a fee is the best solution I have seen so far.

No offence meant to anyone in particular.
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Another upgrade question.

[Peter Bonivart]

Ken Goods wrote:
I'm running Sendmail, Mailscanner, Spamassasin, and Clamav (0.70rc-1). I
would like to upgrade Clamav. Tried yum but it continues to tell me there
are no updates available. So on to plan two. I'm going to install from the
RPMs but wasn't exactly sure of the process.
This is my plan.
1. Stop Mailscanner (which will effectively stop Sendmail and Clamav,
correct?)
2. Save my current clamav.conf to /tmp
3. rpm -e clamav
4. rpm -Uvh new clamav-db rpm package
5. rpm -Uvh new clamav package
6. copy clamav.conf back to /etc
6. restart Mailscanner
You could stop just MS and let Sendmail run so your server still 
receives mail if you want to. If the packages are two different builds 
you're correct about removing the old one completely. Remember to 
compare the two clamav.conf files so you don't miss any options in the 
new one by overwriting it with your old one.

By the way, clamav.conf is only used by clamd which you're not using 
with MS. Concentrate on freshclam.conf instead.

Should be a simple five minute upgrade. Post on the MS list if you need 
more help.

--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.32.5,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.75.1 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav problems

[Peter Bonivart]

charles x.morrissey wrote:
thanks for the reply, isn't this the current release?
freshclam daemon 0.74 (OS: darwin7.4.0, ARCH: ppc, CPU: powerpc)
clam daemon 0.74 (OS: darwin7.4.0, ARCH: ppc, CPU: powerpc)
friday... i don't see a newer version available. can someone help?
It's the current *stable* release, I think he meant that you should try 
the current snapshot. Go here and download the latest one:

http://www.clamav.net/snapshot/
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.31.6,
SpamAssassin 2.63 + DCC 1.2.50, ClamAV 0.73 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Lib GNU MP on Solaris

[Peter Bonivart]

Thomas Jackson wrote:
According to the FAQ and the configure script I need to install GNU MP
on my Solaris 8 system so that clam will support digital signatures.  

I've installed GMP 2.0.2, 3.1, and 4.1.3 on test systems and none will
satisfy the configure script.  What am I missing?
Did you set ABI to 32 so you didn't compile in 64 bit mode, if so Clam 
can't find it. It's mentioned in the docs.

--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Any idea??? Clamav MailScanner are not rejecting viruses!

[Peter Bonivart]

Alfredo Rivera wrote:
- Clamav seems to be working, if I download an infected file to any directory 
on my server and scan with clamscan, it is detected
Then it's not a Clam problem since MS uses Clam in the simplest possible 
way.

- Mailscanner  spamassassin seem to be working since the number of spam 
messages now is very small. When I type top I can see from time to time 
MailScanner running.
You should have several (at least two depending on configuration) 
MailScanner processes running at all times. Check with ps -ef | grep 
MailScanner.

Two questions, what would be the name of the clamav service that I should see 
when typing top? How do I start it?
Clamscan is invoked just in time for scanning of attachments, if 
you're server is not busy chances are you will never see clamscan listed 
with top. MS doesn't use any virus scanner in daemon mode so you don't 
have to start anything. Check your mail log to see what's going on when 
you send those test messages.

Thank you very much for any help that you guys can give me. I'm going crazy 
trying to properly configure this!!
It's easier if you post on the MS list. ;-)
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the
one installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Any idea??? Clamav MailScanner are notrejecting viruses!

[Peter Bonivart]

Nigel Horne wrote:
On Friday 11 Jun 2004 23:28, Marcelo Mujica wrote:
Hi:
How to verify clam is ok in sendmail. I installed from rpm ( binary packages
and ports) and I got same result ??. Is necessary to add additionals lines
to sendmail.cf??
Download the source from www.clamav.net and follow the instructions in
.../clamav-milter/INSTALL
But if he's using MailScanner he should join that list if clamscan works 
from the command line.

www.mailscanner.info
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the
one installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav 0.72 on Solaris 9: Bus Error on zip files?

[Peter Bonivart]

Alex S Moore wrote:
On Fri, 11 Jun 2004 16:22:34 +0200
[EMAIL PROTECTED] (Christer Mort Boräng) wrote:
I've installed clamav 0.72 on our new shiny SunFire 880 running
Solaris 9, but for some reason it gives a Bus Error when trying to
read zip files.
clamav is compiled using /opt/SUNWspro/bin/cc as a compiler, libz is
the standard that Sun provides (1.1.4).
I do not know why you have this error.  What I do know is that my shiny new V210 
(much smaller budget:) with Solaris 9 4/04 and the recommended patches from last 
month works fine.  At least, it seems to.
I sent myself the test virus with the eicar virus for both password protected zip file 
and within a zip.  Clamav found both virus.  If you have a specific virus email that 
you can send me, I would be glad to let it run through and see what happens.
I also built clamav with Sun's compiler, Studio 8 to be exact.  However, I am using the libz and libbz2 libraries from blastwave.org.  I doubt that will matter, since I have used Sun's libraries in the past.  I build the clamav pkg for that group, so you are welcome to give that a try.
I have also compiled it with Solaris 9. I used gcc though.
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Do I need anything else to reject viruses?

[Peter Bonivart]

Alfredo Rivera wrote:
I have a question, I've installed Clamav 0.72 and Mailscanner on my linux 
server but it is still accepting viruses. Do I need anything else to reject 
them?
Please join the MailScanner list if you think you're problem is there 
(if Clam can scan eicar.com locally it is).

One more question (not related to clamav but I'd appreciate any hand on 
this), I try to stop the e-mail service by typing service sendmail stop but 
I get the message sendmail service unrecognized. What other name would use 
my sendmail service?
If you used the RPM installation you control everything with service 
MailScanner 

--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Problems with clamav-0.71 and Digital Sigs

[Peter Bonivart]

Darren Honeyball [ML] wrote:
On Solaris 9...
I've downloaded, compiled and installed gmp-4.1.3
but doing a ./configure on clamav-0.71 gives:
checking for __gmpz_init in -lgmp... no
checking for mpz_init in -lgmp... no
WARNING: GNU MP 2 or newer NOT FOUND - digital signature support will be 
disabled !

Thoughts/Comments?
Did you compile GMP as 32 bit? Otherwise it will not match Clam (if you 
can't compile that in 64 bit mode). Set ABI=32 when you configure GMP.

--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Question regarding virus detection

[Peter Bonivart]

Jim Maul wrote:
There is something that is causing clamav to not be able to detect this
virus after the message has been bounced and now forwarded.
Damaged bounces are not dangerous. Why bother making signatures for them 
when you don't make money showing how many viruses you detect?

--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.45, ClamAV 0.70 + GMP 4.1.2, Vispan 1.4
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav and microsoft exchange.

[Peter Bonivart]

Bora wrote:
Peter, I know that mailscanner has documentation for everything except with
qmail, do know where I can find it?
I think these are the guys who added support for qmail to MailScanner, 
they package the whole thing also:

http://opencomputing.sourceforge.net/

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav...

[Peter Bonivart]

bruce wrote:
we're new to clamav and trying to get a better understanding. we've looked
through the clamav docs and from our understanding, the app appears to be a
mail server oriented spam/virus app. is this pretty much the case..??
Clam's primary target is mail servers, yes.

we're looking for an open source app that can be used to do
virus/trojan/etc protection for the linux/windows desktop... kind of like
mcafee/symantec/norton/etc...
The only open source and up to date virus scanner is Clam. Several of 
the commercial alternatives have free versions for personal use but I 
guess that will not work for you.

Look here for work going on to broaden the reach of Clam:

http://www.clamav.net/3rdparty.html#pagestart

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] w32.netsky.x

[Peter Bonivart]

Daniel Corbe wrote:
Today, my users are getting hammered with W32.Netsky.X and I don't see 
that clamav's virus definitions have this one even after I do a freshclam.
Netsky is called Somefool in Clam.

http://article.gmane.org/gmane.comp.security.virus.clamav.virusdb/302

It's easy to find from here (link on Clams web site):

http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb

You can sign up on that mailing list also to be updated.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] SMTP proxy

[Peter Bonivart]

WipeOut wrote:
I am guessing you are meaning something to sit in front of your SMTP 
server that will scan the mail for viruses and then if clean pass the 
mail onto the mail server..

I am looking for the same thing but so far I haven't found anything to 
do it.. It seems that everything wants to integrate with the mail server..
http://www.mailscanner.info

Works great!

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70RC + GMP 4.1.2, Vispan 1.3
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] virus names (any reference?)

[Peter Bonivart]

Henry Harvey wrote:
I'm looking at the ClamAV website and can't
find info. Where do I check how ClamAV
calls these viruses?
The best place right now is the archive for the virus db update list. 
You can search there for the Clam name, often names of commercial 
products are mentioned there.

http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb

There's also work being done on a web site with just the info you're 
requesting.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70RC + GMP 4.1.2, MailStats 0.25
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Virus Names

[Peter Bonivart]

Diego d'Ambra wrote:
And that is what we'll (try to) do in the future (if a common name has
been established). 
But that would break statistics. I don't mind if the name is different 
as long as it can be cross-referenced. Someone was working on a web site 
with just that but I haven't heard of any news for some time.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Application to generate CLAMAV report

[Peter Bonivart]

Craig Daters wrote:
Okay, I discovered that all of the logging is being done in 
/var/log/maillog as opposed to /var/log/messages, and once I pointed 
grep to the right file, then all has become well in the universe.
I wouldn't have dared posting about that. ;-)

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Time of signature in Virus DB Search

[Peter Bonivart]

I just noticed the new Virus DB Search function on the web site. That's 
great, I will use that often but could you add the date and time (GMT) 
the signature was added. I often get asked by managers when Clam added a 
signature for comparison with other scanners and it would make it real 
easy to find.

Thanks!

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] New varient of password compressed virus

[Peter Bonivart]

Michael Torrie wrote:
In another escalation of the arms war, the latest variant of
password-encrypted archive virus now distributes itself in an encrypted
rar file, and the password is an attached bitmap to eliminate the
possibility of using the password in the body of the message to open the
archive in antivirus programs.
WinZip can't open rar, can it? That means very few desktop users will be 
able to get to the virus. I will gladly block all rar files since I have 
never seen them used for anything else than cracked games and so on.

At his rate, I give e-mail another year of usefulness.  So much for the
usefulness of attachments too.  Thanks a lot spammers and virus
writers.  The good news is we'll have to replace SMTP with a better,
more robust, and more secure system.
I'm sure Microsoft is ready to provide us with something new. ;-)

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] segmentation fault on clamav-0.67 on Solaris

[Peter Bonivart]

Piotr Kasztelowicz wrote:
I attempt to compile clamav-0.67 on Solaris 2.7 on sparc
wirh newest gmp, gcc-3.2 and zlib. The compilation was
going without problems, but the software does not work.
If I was attempting to try 'freshclam' or 'clamscan'
the effect was 'segmentation fault'
My question - what is wrong
If you run ldd /usr/local/freshclam you will see that a couple of 
needed libs are missing, like libclam and libgmp. They are located in 
/usr/local/lib, you need to include /usr/local/lib in your LD_LIBRARY_PATH.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Couple of questions regarding ClamAV

[Peter Bonivart]

Jason wrote:
Couple of questions about ClamAV.
Can someone give me a run down on stability of ClamAV? Is it pretty much 
just set it up and let it run? Reliability? Performance. A daemonized 
version of software was very important to me, that is why im looking at 
ClamAV.
I recommend you take a look at MailScanner, it's a framework that 
handles unpacking MIME attachments and sends batches of attachments to 
Clam (or any combination of around 20 supported scanners) so Clam is 
only used in it's most basic and robust mode which is pure file 
scanning. It's great and very configurable. There are ports for FreeBSD 
as well. I recommend plugging in SpamAssassin also.

http://www.mailscanner.info

It's actually much easier than what you're doing now and it scales with 
your needs.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Virus listing

[Peter Bonivart]

David Gregg wrote:
Does anybody know how/where to obtain a listing of all viruses that ClamAV
'knows' about?
sigtool -l

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Virus List

[Peter Bonivart]

Chris A wrote:
Is there a way to display a list of virii that the current pattern files 
protect against?
sigtool --list-sigs

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: clamav-devel-20040217.tar.gz build error on Solaris

[Peter Bonivart]

Amos wrote:
I got the 64-bit CFLAGS settings from when compiled gmp, and they worked 
for 0.65.
Try compiling GMP in 32-bit mode (mentioned in Clam docs) and you should 
be OK.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Postfix gateway to clamav

[Peter Bonivart]

Guillaume JULLIEN wrote:
Trying to install clamav on a Debian, what gateway should I use :
Amavisd-new, IVS-Milter, Mailscanner, Sagator or clamdmail ?
I have only used MailScanner but I have no need investigating others 
since it rocks! I haven't set it up on Debian but on other Linuxes and 
it works just fine.

Here are the official packages for Debian:

http://packages.debian.org/unstable/mail/mailscanner.html

The web site for MailScanner is:

http://www.mailscanner.info

If you have specific MailScanner questions you can sign up on that list.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] GNU MP 3

[Peter Bonivart]

FreshClam wrote:
Do you know where I can find RH 7.3 package of GNU MP 3? Thanks! 
ftp://speakeasy.rpmfind.net/linux/redhat/7.3/en/os/i386/RedHat/RPMS/gmp-4.0.1-3.i386.rpm
ftp://speakeasy.rpmfind.net/linux/redhat/7.2/en/os/i386/RedHat/RPMS/gmp-3.1.1-4.i386.rpm
--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam and Daemontools

[Peter Bonivart]

Jason Frisvold wrote:
Because I like the way I can control qmail and clamd via daemontools...
 
And freshclam stopping is, to me, a major issue.  If it stops and I'm unaware that it has stopped, then I run the risk of missing a vital virus definition update...
Try reading my posts again and you might see what I mean. Are you aware 
that you can run freshclam as a daemon or not as a daemon? If you choose 
not to run it as a daemon and instead run it from crontab it can never 
stop because it's launched when it's supposed to do it's job, therefore 
you don't have to monitor it.

I still can't see the benefit of running it as a daemon.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam and Daemontools

[Peter Bonivart]

Odhiambo Washington wrote:
* Jason Frisvold [EMAIL PROTECTED] [20040218 19:00]: wrote:

Hi all!

	Is there a way to set up Daemontools to monitor and run freshclam? 
Similar to how clamd is set up with daemontools?  I want to ensure that
freshclam never dies for no apparent reason...


Why do I feel that that would be outrageous? Are you saying that you
want freshclam permanently connected to the db servers? How are you
looking at it?
Running it in daemon mode and monitoring that the daemon is still 
running doesn't mean you're connected to the db servers at all time. 
Where did you get that from?

But it does seem strange that Jason is afraid of the daemon stopping and 
want to monitor that, why not just run it from crontab? What's the 
benefit of running the daemon?

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam and Daemontools

[Peter Bonivart]

Jason Frisvold wrote:
Why use daemontools to keep qmail or clamd running?  There's always that
off chance that something might cause the daemon to die unexpectedly... 
An obscure bug perhaps...  And if it happens, I want to ensure that the
daemon is brought back up automatically.  At least, I *thought* that's
what daemontools was for...  Am I mistaken?  (I'm rather new to
daemontools)
No, in your original post you wrote about using daemontools for the 
freshclam daemon. I understand perfectly that you want to be sure qmail 
and clamd are running, but freshclam? It has been known to stop and why 
implement another system to keep it running when you can run it from 
crontab? Just don't run it at 0 minutes like everyone else. ;-)

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] ClamAV versions

[Peter Bonivart]

Doug Hardie wrote:
I have been running with devel-20040209 for a week or so since 0.65 
didn't meet my needs.  The development version does.  However, 0.66 has 
now been released.  Is it based on 0.65 or the development branch?
The development branch. It should be like 20040211. Remember though that 
it was forced out early due to security concerns so it had some new code 
disabled (OLE2 and Dazuko).

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.66 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] 0.66

[Peter Bonivart]

Fajar A. Nugraha wrote:
Yes, quite right. I'm surprised you still remember that.
:-)

BTW, what cc do you use? Sun cc or gcc? Whatever it is, you had to 
install a c-compiler first, right?
standard Solaris with no addition whatsoever can not build clamav.
I find acceptable if I had to get something first to build clamav (in 
this case : gcc, zlib, gmp, and gnu shutils).
I use gcc and I'm fine with adding *documented* requirements (like GMP 
for example which adds a feature if present). This, however, is not 
documented and it doesn't really need an add-on to work.

I find it NOT acceptable if I have to hack the source code personally 
before compiling.
That's how it is now.

That's why I'm not complaining about id -u.
You don't have to, a couple of us did though and...

That's what I think anyway. Although a fix in source-code (or Makefile) 
to be solaris-id compatible wouldn't hurt either :)
...the developers listened and are going to change it to a truly 
portable solution using sed.

Thank you devs and thank you too, Fajar, for providing Solaris packages.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.66 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES

[Peter Bonivart]

Mário Luis Ghoneim wrote:
What does it means?
It means it can't check the digital signatures. It downloads the updates 
anyway but you can't be sure they have not been compromised.

How can I to solve it?
Download GMP here: http://www.swox.com/gmp

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.66 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] 0.66

[Peter Bonivart]

Fajar A. Nugraha wrote:
Scratch that. It is fixed on devel-20040213. It compiles OK on Solaris, 
AIX, and OSF now.
Thanks :)
I have to disagree. The id -u problem with Solaris is still in that 
snapshot, I just tried it. I think you mentioned earlier that you use 
GNU id and you probably have that in your path so it works but for the 
rest of us it doesn't. I would like /usr/xpg4/bin/id to be used when 
it's compiled on Solaris. It's standard and it supports -u.

It's the Makefiles in the database directory that contains the 
problematic id commands. If I edit them to /usr/xpg4/bin/id I can run 
make install with no errors.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.66 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Clamav-users digest, Vol 1 #385 - 17 msgs

[Peter Bonivart]

[EMAIL PROTECTED] wrote:
my clamd is in /usr/local/sbin/, but I will try to install first then
change the path.
Thanks.
Did you just send us a 700+ line mail to add those lines? Have you heard 
of trimming the original?

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.66 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Error during make install of 0.66

[Peter Bonivart]

I upgraded to 0.66 yesterday and during make install I noticed a problem 
regarding the id command, it complained about not supporting the -u 
option. I have had no problems though, so I'm not really sure what it 
was used for. Clamscan and freshclam, which is what I use, works just fine.

But could you on Solaris use /usr/xpg4/bin/id instead? That one supports -u.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.66 + GMP 4.1.2
---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] 0.66?

[Peter Bonivart]

I have been happy with my 0.65 so far but it seems on this list that the 
new dailys catch more viruses than the latest stable so I'm interested 
in upgrading but can I trust the dailys? How stable are they, can they 
be broken like the CVS?

Is there a date for the release of 0.66 yet?

How about a simple roadmap on the web site for future versions of Clam, 
main features you want in every release and an estimated release time?

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Mailscanner, sendmail 8.12, split input queues

[Peter Bonivart]

Kevin Spicer wrote:
Peter, I'm going to have to slightly disagree with you on that,
certainly as far as my MailScanner Mandrake boxes are concerned.  The
bahaviour I see is that mail sent by programs that call sendmail
directly (as opposed to having their own SMTP engine) is queued in the
clientmqueue (on Mandrake, maybe thats mqueue-client on other systems)
before being picked up by the incoming sendmail, which in turns queues
it in mqueue.in (where it is picked up by MailScanner).  As far as I can
see the incoming (i.e. listening) sendmail keeps an eye on the
clientmqueue and grabs anything it finds there. 
You're correct, I tried to over-simplify it to the point where it got wrong.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Mailscanner, sendmail 8.12, split input queues

[Peter Bonivart]

Bill James wrote:
Mailscanner directly edits the mail queues is why it needs this

I personally use Postfix and it is NOT recommended to use Mailscanner is
it is known to truncate mails, or loose them all together in Postfix as
it also directly manages Postfix mail queues. Even the setup for
Mailscanner with Postfix requires a second Postfix instance and queue
structure (Same as Sendmail)
Personally, anything that makes changes directly to mail queues should
do it via smtp (Just my feelings)
I have heard that it works in Sendmail and it doesn't work in Sendmail
(depends on who you want to listen to) 

Bill
This is the wrong list to continue this discussion. I'll just say that 
you're misinforming people by your comments.

Anyone who wants to know more about how MailScanner works with different 
MTA:s can visit http://www.mailscanner.info or even mail me off-list. 
Better that than posting on this list.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Multiple stability problems on Solaris 9

[Peter Bonivart]

Jon R. Kibler wrote:
  1) freshclam, run as a daemon, crashes without sending a notify. 
 freshclam appears to die anytime it finds a problem with a database update instead of just 
 reporting the error and keep on running to try again later.
Run freshclam from crontab, works like a charm. No daemon that can die.

  2) something is causing clamd to die. this just started Monday.
 the only indication of a problem is that mimedefang starts reporting all sorts of strange errors.
 in mimedefang, we are using clamdscan instead of clamd directly, as it appears to catch some problems
 that are missed when running clamd directly under the control of mimedefang (which I view as a 
 mimedefang problem, not a clamav problem).
Use MailScanner, it scans files in batches with clamscan so no 
performance loss. No daemon that can die.

http://www.mailscanner.info

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Mailscanner, sendmail 8.12, split input queues

[Peter Bonivart]

Leif Neland wrote:
How does this fit in with sendmail 8.12 already having two queues, mqueue
and  mqueue-client?
You really should have posted this on the MailScanner list since nothing 
of this is Clam related. However the mqueue-client does not have a 
physical queue, instead it's a way of picking up local mail transmitting 
them through your MTA. It does not affect MailScanner at all, everyone 
using Sendmail has 8.12 (except for some heavily patched 8.11 that comes 
with older Linux systems).

And how do I do this with Debian's /etc/mail/sendmail.conf?
There are Debian ports that I think do the job for you. Check it out on 
the web site under downloads.

http://www.mailscanner.info

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] MD5 error ?

[Peter Bonivart]

Isn't it time to stop supporting the old db format? Version 0.65 has 
been out for two months now and lot's of people seem to have problems 
when they keep both the db and the cvd files.

Is there a reason not to install 0.65 or a newer snapshot?

/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
Tomasz Kojm wrote:
Unfortunately there must have been some error in our db distribution
system, probably connected with a huge load of the main site after
update (clamav.sf.net), generated by OLD CLAMAV VERSIONS (= 0.60, and
there are still thousands of them).


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problem in updating virus db

[Peter Bonivart]

He's running Solaris...

/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
Daniel J McDonald wrote:
You also need libgmp-devel, or whatever the development library package
is called on your distribution (on Mandrake it is libgmp3-devel) . 
After that is installed you have to recompile the freshclam binary.


---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Retract -- clamav, gmp, Solaris, gcc

[Peter Bonivart]

Works fine here. Just remember to set ABI to 32 before configure ; make 
; make install. Then it should not give you any problems when 
configuring Clam.

/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
Christopher X. Candreva wrote:
Has anyone gotten clamav / gmp to work on Solaris / Sparc ?


---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Retract -- clamav, gmp, Solaris, gcc

[Peter Bonivart]

It's mentioned in bold in the docs but who reads them... ;-)

/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
Christopher X. Candreva wrote:
In fairness though, gmp is NOT mentioned in the 0.65 README file, and FAQ is
rather sparse. README says a change to the mirrors system is noted in the
full pdf docs, but doesn't mention a change to the build process.
Unless I've missed something, in which case I apologize, new required
libraries would be a good thing to add under changes in the README for
future releases.


---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problem in updating virus db

[Peter Bonivart]

I'm just wondering if you have GMP on your machine? It's needed to 
verify the signatures of the new database files introduced with 0.65.

/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
Abyot Asalefew wrote:
ClamAV update process started at Mon Jan 12 05:06:38 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net 
(212.162.12.159)
ClamAV update process started at Mon Jan 12 05:08:56 2004


---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] type of viruses being added to database

[Peter Bonivart]

Are you subscribed to clamav-virusdb? If not, try that first.

/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
jef moskot wrote:
Well, yes, obviously, but could you maybe take a recent representative
update and give us an idea of what the added viruses are like?  Just so
that we get an approximate feeling of what's going on.
For example, you mentioned that the newest threats are added the most
quickly, but I don't know if the last time you added an ancient virus was
today or six months ago.
I'm not asking for precise figures, just something a little more concrete
than we add old and new viruses.


---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] pretty basic question - clamscan vs clamdscan

[Peter Bonivart]

Hasn't there been problems with the stability of clamd for a long time? 
Are those problems solved now?

I use MailScanner and it sends batches of files to scan so the speed 
difference is negligible and I don't have to worry about if clamd has 
stopped. Anyway, I find that it takes more time for SpamAssassin to 
check a message than it takes to virus scan it.

/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP
[EMAIL PROTECTED] wrote:
thanks for your reply - and to the others who posted in this thread as 
well. i have a much better understanding now of all this. and it sure is 
great to no longer be faced with throwing even more iron at the problem!


---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Forward del messaggio di Nikolaj Wicker riguardo a clamav-milter

[Peter Bonivart]

Haven't followed the thread but I assume he's talking about some Linux
RPM package, many on these lists take for granted you run Linux.
Milter should be in the distribution tarball from sendmail.org. Sun
doesn't compile in TLS support either, not even in the more security
oriented Solaris 9, so I'm not surprised they don't enable milter
either. Try compiling it from source.
http://sendmail.org/compiling.html
http://www.milter.org/
/Peter Bonivart

--Unix lovers do it in the Sun

Nigel Horne wrote:
Where did you get the sendmail-devel package from which includes milter support?
(Solaris 2.8 out of the box doesn't support it).
- -Nigel

- -- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk




---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [clamav-users] clamd / clamav-milter crashes

[Peter Bonivart]

I let MailScanner handle the mail. It uses ClamAV as a simple file 
scanner and doesn't seem to cause any problems there. You can also use 
SpamAssassin as an addition to the attachment filtering built into 
MailScanner. Nothing has to be changed in your Sendmail configuration. 
Pretty complete I would say.

http://www.sng.ecs.soton.ac.uk/mailscanner/

/Peter Bonivart

--Unix lovers do it in the Sun

Tomasz Kojm wrote:
Hi,
I' m testing clamav-0.60 on a Solaris 8 box with clamav-milter as a mail 
scanner for sendmail. When I start clamd and clamav-milter they work 
fine for a while. After some time clamd or clamav-milter crashes and 
coredumps.


Hi Margit,
this is a known problem - our mail scanning engine isn't perfect :((
If you have caught a problematic mail please send it to Nigel -
njh at bandsman dot co dot uk. Thanks !
Best regards,
Tomasz Kojm


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] virus.db2 checksum

[Peter Bonivart]

Strange, I get another checksum than you do, but still different from 
the correct one. The files have the same timestamp on the ftp server 
so it's not that one file is old, more likely someone just made a 
mistake. It will probably be fixed tomorrow. Don't worry, ClamAV isn't 
your only defense, is it? :)

[EMAIL PROTECTED] tmp]# more viruses2.md5
797f09be551cee8324f93c50d9372b71 
/studinfo/tk/clamav/share/clamav/viruses.db2
[EMAIL PROTECTED] tmp]# md5sum viruses.db2
6cd7a88e4af1d67d328b5829a723e0f6  viruses.db2

viruses.db2 23-Jun-2003 10:4288k
viruses2.md523-Jun-2003 10:42 1k
/Peter Bonivart

--Unix lovers do it in the Sun

Ted Fines wrote:
You can calculate MD5 checksums yourself, on Linux systems anyway.  The 
command is just 'md5sum filename'.  The checksum I get for viruses.db2 
is:
[EMAIL PROTECTED] root]# md5sum viruses.db2
55955463c72c1ef803ef05c8a3cc9aa2  viruses.db2

I don't know what good this does us, however.  You could go into the 
source code and recompile freshclam to ignore the md5 checksum, but that 
is a REALLY bad idea.

Either the viruses.db2 file needs to be updated on the web site, or the 
md5 checksum does.  Unfortunately we can't do either.

Ted


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] Antivirus

[Peter Bonivart]

Have you checked that clamscan detects the eicar file? In the log it 
looks like it doesn't.

# clamscan eicar.com
eicar.com: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 8531
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 Mb
I/O buffer size: 131072 bytes
Time: 0.320 sec (0 m 0 s)

/Peter Bonivart

--Unix lovers do it in the Sun

Claudio wrote:
hi i'm a newbie.
I have this problem:
i send an e-mail with attached the file EICAR.COM but the clamav don't 
stop it.
Why?
I use postfix-2.0.9, amavis-0.3.12, clamav-0.54, pavcl 6.


Jun 21 20:00:29 principal amavisd[1371]: Using clamav
Jun 21 20:00:32 principal amavisd[1371]: 
/var/amavis/amavis-14392938/parts/msg-1371-1.txt: OK 
/var/amavis/amavis-14392938/parts/msg-1371-2.EXE: OK  --- SCAN 
SUMMARY --- Known viruses: 7286 Scanned directories: 1 Scanned 
files: 2 Infected files: 0 Data scanned: 0.00 Mb I/O buffer size: 131072 
bytes Time: 2.594 sec (0 m 2 s)
Jun 21 20:00:32 principal amavisd[1371]: Using clamd
Jun 21 20:00:32 principal amavisd[1371]: Virus scanner failure: Clamd - 
can't connect to daemon


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] am I understanding this right?

[Peter Bonivart]

I was speaking of MailScanner which can be configured to do several
things to spam and virus. You don't need another program to delete
infected files, MailScanner can do that for you. But if you feel
comfortable delivering disinfected attachments you do need another
program than ClamAV. I need timely updates of signatures a lot more than
disinfection which I would never trust anyway.

ClamAV works for us and we have Sophos on the clients if something slips
in. By the way, on the MailScanner mail list Sophos problems seems to
outnumber all the other 14 supported virus scanners combined...

/Peter Bonivart

--Unix lovers do it in the Sun

On Mon, 2003-06-09 at 17:56, Raymond Norton wrote:
If we're talking MailScanner with ClamAV you can choose what to do but
   most deliver the message with the infected attachment replaced by a
   message. The attachments are stored on the mail server for closer
  inspection. Basically, everything that is not infected is deliverd
  
 
 I am trying to see how this is a benefit to run over sophos. It seems we
 still need to either delete, or disinfect the file, so I would need another
 program to do this. Presently, we are running sophos, but I am trying to
 find an open source solution, so I don't have to spend a chunk of change
 each year per server, or user. I need to cover 500 + mailboxes, so even a
 few bucks per user is a big deal..
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [clamav-users] pardon me if this has been covered

[Peter Bonivart]

Maybe you have an old version of MailScanner but they fully support
ClamAV now together with 14 other scanners.

http://www.sng.ecs.soton.ac.uk/mailscanner/readme.shtml


You just have to change this line in MailScanner.conf from sophos to
clamav:

Virus Scanners = clamav

/Peter Bonivart

--Unix lovers do it in the Sun

On Thu, 2003-06-05 at 21:04, Raymond Norton wrote:
 First, is there a searchable version of the mailing list?
  
  
 Presently I use mailscanner with sendmail, and have configured it to
 use sophos. This works very nice, but not free. Can clamav be
 incorporated to work in mailscanner, or is there another way to scan
 all user mailboxes? Almost all users are accessing their mail from
 windows, using outlook express.
  
 Any docs on the exacts of getting this done would be great.
  
  
  
  
  
 Thanks in advance
  
  
 Raymond
 -
  
 Defeat is a matter of choice.
   
 --God
  
  


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]