Re: Re: [Clamav-users] newbie question
find / -name 'clamd' -print

--- Christopher Scott [EMAIL PROTECTED] wrote:
> /path/to/clamd
>
> I guess that's my question - where is clamd installed by default?

___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav on Linux Gateway to Exchange - Clamav locking up sendmail
I had a similar problem, upgrading to sendmail 8.12.11 seemed to cure it. I think there was a bug in the sendmail libmilter.

Regards
Peter

--- Stevens, John [EMAIL PROTECTED] wrote:
> Hi All,
>
> I have had a problem occur twice on a Linux (Cobalt RaQ3) gateway for a MS Exchange Server (our internal mail server) and wondered if anyone has experienced something similar.
>
> Firstly the details:
>
> Clamav-0.70-rc1 with clamav-milter from that package.
> Sendmail 8.12.10
> Spamassassin 2.55 with spamass-milter 0.1.3a
>
> Everything goes along fine for a few days and then stuff like this all of a sudden appears in the logs.
>
> Mar 24 16:09:24 pinot clamav-milter[8564]: No data received from clamd in 60 seconds
> Mar 24 16:09:48 pinot clamav-milter[8568]: No data received from clamd in 60 seconds
> Mar 24 16:10:24 pinot clamav-milter[8564]: No data received from clamd in 60 seconds
> Mar 24 16:10:24 pinot clamav-milter[8564]: Expected port information from clamd, got ''
> Mar 24 16:10:24 pinot sendmail[8561]: i2O58NRs008561: Milter: from=[EMAIL PROTECTED], reject=451 4.7.1 Please try again later
> Mar 24 16:10:48 pinot sendmail[8565]: i2O58mRs008565: from=[EMAIL PROTECTED], size=6252, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=diaz.tusc.com.au [10.1.10.29]
> Mar 24 16:10:56 pinot clamav-milter[8640]: No data received from clamd in 60 seconds
> Mar 24 16:11:01 pinot clamav-milter[8650]: No data received from clamd in 60 seconds
> Mar 24 16:11:18 pinot clamav-milter[8821]: No data received from clamd in 60 seconds
> Mar 24 16:11:34 pinot clamav-milter[9527]: No data received from clamd in 60 seconds
> Mar 24 16:11:38 pinot clamav-milter[8616]: No data received from clamd in 60 seconds
> Mar 24 16:11:38 pinot clamav-milter[8616]: Expected port information from clamd, got ''
> Mar 24 16:11:38 pinot sendmail[8612]: i2O59YRs008612: Milter: from=[EMAIL PROTECTED], reject=451 4.7.1 Please try again later
>
> All mail is rejected, incoming and outgoing from the Exchange server.
>
> Restarting clamd gets things going again as far as incoming is concerned. The Exchange SMTP Connector (don't ask me, you know Microsoft) has to be forced to reconnect and send the queued messages. Then things work fine again.
>
> This has only happened twice, but it is of concern.
>
> We used to have a problem with the Exchange Connector holding the Sendmail port open so nothing else could connect. Had to restart sendmail. Trying to figure out if a patch or something else fixed it. This appears to be a similar problem, only now it frees up the sendmail port to accept more connections and spawn new sendmails, but the milter interface appears to tie up clamd.
>
> Any suggestions would be appreciated, except for the one to ditch Exchange. Not my choice, but I have to live with it.
>
> Regards
>
> TUSC Computer Systems - www.tusc.com.au
> John Stevens - MIS Manager, Senior Project Engineer
> Mobile: 0419840411
> Direct: 03 9840 4428

___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
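
The stall pattern in the quoted log above (repeated clamav-milter timeouts, then sendmail 451 tempfails) can be flagged before all mail is being rejected. This is an added example, not part of the original thread; the function names, thresholds, assumed year and sample lines are constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Patterns modelled on the log lines quoted in the message above.
TIMEOUT = re.compile(r"clamav-milter\[\d+\]: No data received from clamd in \d+ seconds")
TEMPFAIL = re.compile(r"sendmail\[\d+\]: .*Milter: .*reject=451 ")
STAMP = re.compile(r"^([A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) ")

def parse_time(line, year=2004):
    """Classic syslog timestamps carry no year, so one is assumed."""
    m = STAMP.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")

def detect_clamd_stall(lines, min_timeouts=3, window=timedelta(minutes=2)):
    """Return (alert_time, tempfail_count).

    alert_time is the moment min_timeouts milter timeouts first fall inside
    one sliding window (None if that never happens); tempfail_count is the
    number of messages sendmail deferred with a milter 451.
    """
    recent = deque()
    alert_at = None
    tempfails = 0
    for line in lines:
        ts = parse_time(line)
        if ts is None:
            continue                      # not a syslog line we understand
        if TIMEOUT.search(line):
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()          # drop timeouts older than the window
            if alert_at is None and len(recent) >= min_timeouts:
                alert_at = ts
        elif TEMPFAIL.search(line):
            tempfails += 1
    return alert_at, tempfails

# Constructed sample input (hostname, queue IDs and addresses are made up).
SAMPLE = """\
Mar 24 16:09:24 mx1 clamav-milter[8564]: No data received from clamd in 60 seconds
Mar 24 16:09:48 mx1 clamav-milter[8568]: No data received from clamd in 60 seconds
Mar 24 16:10:24 mx1 clamav-milter[8564]: No data received from clamd in 60 seconds
Mar 24 16:10:24 mx1 clamav-milter[8564]: Expected port information from clamd, got ''
Mar 24 16:10:24 mx1 sendmail[8561]: i2OAAAAA000001: Milter: from=<a@example.org>, reject=451 4.7.1 Please try again later
Mar 24 16:11:38 mx1 sendmail[8612]: i2OAAAAA000002: Milter: from=<b@example.org>, reject=451 4.7.1 Please try again later
""".splitlines()

if __name__ == "__main__":
    print(detect_clamd_stall(SAMPLE))
```

Fed from a log tail on a schedule, a non-None alert time is the cue to check clamd before the upstream mail server's queue backs up.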
Re: [Clamav-users] virus getting thru
Hello Nagy,

I'm reasonably sure that it is something to do with my configuration, as the eicar.zip test file also slips through.

To rehash, my config: Clamav 0.67, mimedefang 2.39, sendmail 8.12.10. The problem is always base64 encoded zip files getting through.

Any help will result in my lifelong appreciation/hero worship.

Regards
Peter

--- Nagy_Ferenc_László [EMAIL PROTECTED] wrote:
> Peter McCreath wrote:
> > --- Loren Salsgiver [EMAIL PROTECTED] wrote:
> > > Norton AntiVirus removed the attachment: bill.zip.
> > > The attachment was infected with the [EMAIL PROTECTED] virus.
> > >
> > > This seems to be common, can anyone help?
> > >
> > > Loren
> >
> > I'm having the same problem, it always seems to be Base64 encoded zip files.
> >
> > Peter
>
> Does the zip file have a password? If not, you can submit it on the web interface.
>
> Nagy Ferenc László
Re: [Clamav-users] virus getting thru
--- Loren Salsgiver [EMAIL PROTECTED] wrote:
> Norton AntiVirus removed the attachment: bill.zip.
> The attachment was infected with the [EMAIL PROTECTED] virus.
>
> This seems to be common, can anyone help?
>
> Loren

I'm having the same problem, it always seems to be Base64 encoded zip files.

Peter
Re: [Clamav-users] Re: Re: Zip files.
Hello All,

I'm still pulling my hair out over my Zip file problem. I'm fairly sure my clamav.conf settings are correct, however I have noticed it only seems to affect base64 encoded files. Could the problem lie there?

Any help/pointers gratefully received.

Many thanks in advance,
Peter
Re: [Clamav-users] Zip files.
--- russ [EMAIL PROTECTED] wrote:
> On Thu, 2004-02-26 at 04:41, Peter McCreath wrote:
> > Thanks, but yes I run freshclam via a cron job. The strange thing is that running clamdscan on a mesg will detect the eicar zip test, but clamd still lets this through.
>
> Did you un-comment scanmail in the clamav.conf? Post your conf file so we can look at it.
>
> --
> Russel Oliver [EMAIL PROTECTED]

Hi Russ,

Thanks for the input. Yes, I had un-commented Scanmail. Please find attached my clamav.conf.

##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##

# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
LogFileMaxSize 20M

# Log time with an each message.
LogTime

# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
LogClean

# Use system logger (can work together with LogFile).
LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/spool/MIMEDefang/clamd.pid

# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
TemporaryDirectory /var/tmp

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
#DatabaseDirectory /var/lib/clamav
DatabaseDirectory /usr/local/share/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /var/spool/MIMEDefang/clamd.sock

# Remove stale socket after unclean shutdown.
#FixStaleSocket

# TCP port address.
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
#StreamMaxLength 10M
StreamMaxLength 40M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
MaxThreads 200

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
FollowDirectorySymlinks

# Follow regular file symlinks.
FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
SelfCheck 600

# Execute a command when virus is found. In the command string %v and %f will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be exploited,
# eg. by using some special file name when %f is used.
# Always use a full path to the command.
# Never delete/move files with this directive !
#VirusEvent /usr/local/bin/send_sms 123456789 VIRUS ALERT: %f: %v

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User defang

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups
[Clamav-users] Base64/Zip problem
Hallo All,

Thanks for an excellent product, but I have a slight problem and am in need of some pointers.

I am using
Clamav-0.66
Mimedefang-2.39

I'm still getting viruses past the scanner. I *think* this is due to either a problem with my zip or due to Base64 encoding.

Any ideas as to where to start looking would be greatly appreciated.

Many thanks in advance,
regards
Peter