Re: Re: [Clamav-users] newbie question

2005-07-29 Thread Peter McCreath
find / -name 'clamd' -print 

--- Christopher Scott [EMAIL PROTECTED] wrote:

 /path/to/clamd
 
 I guess that's my question - where is clamd
 installed by default?
 ___
 http://lurker.clamav.net/list/clamav-users.html
 






Re: [Clamav-users] Clamav on Linux Gateway to Exchange - Clamav locking up sendmail

2004-03-24 Thread Peter McCreath
I had a similar problem, upgrading to sendmail 8.12.11
seemed to cure it. I think there was a bug in the
sendmail libmilter.

Regards 
Peter

 --- Stevens, John [EMAIL PROTECTED] wrote: 
Hi All,
 I have had a problem occur twice on a Linux (Cobalt
 RaQ3) gateway for a MS Exchange Server (Our internal
 Mail server) and wondered if anyone has experienced
 something similar.  Firstly the details:
 Clamav-0.70-rc1 with clamav-milter from that
 package.
 Sendmail 8.12.10
 Spamassassin 2.55 with spamass-milter 0.1.3a
 
 Everything goes along fine for a few days and then
 stuff like this all of a sudden appears in the logs.
 
 Mar 24 16:09:24 pinot clamav-milter[8564]: No data received from clamd in 60 seconds
 Mar 24 16:09:48 pinot clamav-milter[8568]: No data received from clamd in 60 seconds
 Mar 24 16:10:24 pinot clamav-milter[8564]: No data received from clamd in 60 seconds
 Mar 24 16:10:24 pinot clamav-milter[8564]: Expected port information from clamd, got ''
 Mar 24 16:10:24 pinot sendmail[8561]: i2O58NRs008561: Milter: from=[EMAIL PROTECTED], reject=451 4.7.1 Please try again later
 Mar 24 16:10:48 pinot sendmail[8565]: i2O58mRs008565: from=[EMAIL PROTECTED], size=6252, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=diaz.tusc.com.au [10.1.10.29]
 Mar 24 16:10:56 pinot clamav-milter[8640]: No data received from clamd in 60 seconds
 Mar 24 16:11:01 pinot clamav-milter[8650]: No data received from clamd in 60 seconds
 Mar 24 16:11:18 pinot clamav-milter[8821]: No data received from clamd in 60 seconds
 Mar 24 16:11:34 pinot clamav-milter[9527]: No data received from clamd in 60 seconds
 Mar 24 16:11:38 pinot clamav-milter[8616]: No data received from clamd in 60 seconds
 Mar 24 16:11:38 pinot clamav-milter[8616]: Expected port information from clamd, got ''
 Mar 24 16:11:38 pinot sendmail[8612]: i2O59YRs008612: Milter: from=[EMAIL PROTECTED], reject=451 4.7.1 Please try again later
 
 All mail is rejected, incoming and outgoing from the
 Exchange server.  Restarting clamd gets things going
 again as far as incoming is concerned.  The Exchange
 SMTP Connector (don't ask me, you know Microsoft) has
 to be forced to reconnect and send the queued
 messages.  Then things work fine again.  This has
 only happened twice, but it is of concern.
 We used to have a problem with the Exchange
 Connector holding the Sendmail port open so nothing
 else could connect.  Had to restart sendmail. 
 Trying to figure out if a patch or something else
 fixed it.  This appears to be a similar problem,
 only now it frees up the sendmail port to accept
 more connections and spawn new sendmails, but the
 milter interface appears to tie up clamd.
 Any suggestions would be appreciated, except for the
 one to ditch Exchange.  Not my choice, but I have to
 live with it.
 Regards
 
 
 TUSC Computer Systems - www.tusc.com.au
 John Stevens - MIS Manager, Senior Project Engineer
 Mobile: 0419840411
 Direct: 03 9840 4428
 
 
 

 ___
 Clamav-users mailing list
 [EMAIL PROTECTED]

https://lists.sourceforge.net/lists/listinfo/clamav-users 
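
A way to catch the stall described in this message from the mail log before users notice, as an added example that is not part of the original thread: it groups clamav-milter timeouts that arrive close together and counts the sendmail 451 tempfails inside the same burst. The sample lines, host name, queue IDs, the five-minute gap and the threshold of three are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog shape quoted in the thread (values made up).
SAMPLE_LOG = """\
Mar 24 16:09:24 mx1 clamav-milter[101]: No data received from clamd in 60 seconds
Mar 24 16:09:48 mx1 clamav-milter[102]: No data received from clamd in 60 seconds
Mar 24 16:10:24 mx1 clamav-milter[101]: No data received from clamd in 60 seconds
Mar 24 16:10:24 mx1 clamav-milter[101]: Expected port information from clamd, got ''
Mar 24 16:10:24 mx1 sendmail[100]: q1: Milter: from=<a@example.org>, reject=451 4.7.1 Please try again later
Mar 24 16:10:48 mx1 sendmail[103]: q2: from=<b@example.org>, size=6252, class=0, nrcpts=0, proto=ESMTP
Mar 24 18:30:00 mx1 clamav-milter[200]: No data received from clamd in 60 seconds
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w-]+)\[\d+\]: (.*)$")

def classify(program, msg):
    """Name the two events that matter: scanner timeout and milter tempfail."""
    if program == "clamav-milter" and "No data received from clamd" in msg:
        return "timeout"
    if program == "sendmail" and "Milter:" in msg and "reject=451" in msg:
        return "tempfail"
    return None

def find_stalls(text, year=2004, gap=timedelta(minutes=5), min_timeouts=3):
    """Return one dict per burst of clamd timeouts (syslog has no year, so pass it)."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        kind = classify(m.group(2), m.group(3)) if m else None
        if kind:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((when, kind))
    events.sort()
    incidents, current = [], []
    for ev in events + [None]:            # None flushes the last burst
        if ev and (not current or ev[0] - current[-1][0] <= gap):
            current.append(ev)
            continue
        kinds = [k for _, k in current]
        if kinds.count("timeout") >= min_timeouts:
            incidents.append({"start": current[0][0], "end": current[-1][0],
                              "timeouts": kinds.count("timeout"),
                              "tempfails": kinds.count("tempfail")})
        current = [ev] if ev else []
    return incidents

if __name__ == "__main__":
    for inc in find_stalls(SAMPLE_LOG):
        print(inc)
```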




Re: [Clamav-users] virus getting thru

2004-03-03 Thread Peter McCreath
Hello Nagy,
I'm reasonably sure that it is something to do with my
configuration, as the eicar.zip test file also slips
through.
To rehash,
my config:
Clamav 0.67, mimedefang 2.39, sendmail 8.12.10.
The problem is always base64 encoded zip files getting
through.

Any help will result in my lifelong
appreciation/hero worship.

Regards 
Peter
 --- Nagy_Ferenc_László [EMAIL PROTECTED] wrote: 
Peter McCreath wrote:
 
   --- Loren Salsgiver [EMAIL PROTECTED] wrote:
  
  
 Norton AntiVirus removed the attachment:
 
 bill.zip.
  The attachment was infected with the
 [EMAIL PROTECTED] virus.
  
 
 This seems to be common, can anyone help?
 
 Loren
 
 
 
  
  I'm having the same problem, it always seems to be
  Base64 encoded zip files.
  
  Peter
 
 Does the zip file have a password?
 
 If not, you can submit it on the web interface.
 
 Nagy Ferenc László
 
 
 



Re: [Clamav-users] virus getting thru

2004-03-01 Thread Peter McCreath
 --- Loren Salsgiver [EMAIL PROTECTED] wrote:  
Norton AntiVirus removed the attachment:
 bill.zip.
  The attachment was infected with the
 [EMAIL PROTECTED] virus.
  
 
 This seems to be common, can anyone help?
 
 Loren
 
 

I'm having the same problem, it always seems to be
Base64 encoded zip files.

Peter




Re: [Clamav-users] Re: Re: Zip files.

2004-02-27 Thread Peter McCreath
Hello All, 
I'm still pulling my hair out over my Zip file
problem.
I'm fairly sure my clamav.conf settings are correct,
however I have noticed it only seems to affect base64
encoded files. Could the problem lie there?

Any help/pointers gratefully received. 

Many thanks in advance, 

Peter




Re: [Clamav-users] Zip files.

2004-02-26 Thread Peter McCreath
 --- russ [EMAIL PROTECTED] wrote:
 On Thu, 2004-02-26 at 04:41, Peter McCreath wrote:
 
  Thanks, but yes I run freshclam via a cron job.
  The strange thing is that running clamdscan on a mesg
  will detect the eicar zip test, but clamd still lets
  this through.
 
 Did you un-comment scanmail in the clamav.conf? 
 
 Post your conf file so we can look at it.
 
 -- 
 Russel Oliver
 [EMAIL PROTECTED]
 

Hi Russ, 
Thanks for the input. 
Yes, I had un-commented Scanmail.

Please find attached my clamav.conf.



##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
LogFileMaxSize 20M

# Log time with an each message.
LogTime

# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
LogClean

# Use system logger (can work together with LogFile).
LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/spool/MIMEDefang/clamd.pid

# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
TemporaryDirectory /var/tmp

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
#DatabaseDirectory /var/lib/clamav
DatabaseDirectory /usr/local/share/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /var/spool/MIMEDefang/clamd.sock

# Remove stale socket after unclean shutdown.
#FixStaleSocket

# TCP port address.
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
#StreamMaxLength 10M
StreamMaxLength 40M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
MaxThreads 200

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
FollowDirectorySymlinks

# Follow regular file symlinks.
FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
SelfCheck 600

# Execute a command when virus is found. In the command string %v and %f will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be exploited,
#   eg. by using some special file name when %f is used.
#   Always use a full path to the command.
#   Never delete/move files with this directive !
#VirusEvent /usr/local/bin/send_sms 123456789 VIRUS ALERT: %f: %v

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User defang

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups
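
A small audit that turns the security hints written in this file's own comments, plus the scanmail question asked in the thread, into checks. This is an added example, not part of the original post or of ClamAV. It assumes the old flag-style clamav.conf format shown above, assumes the thread's "scanmail" is spelled ScanMail in the file, and runs on a constructed sample rather than the posted file.

```python
# Constructed sample in the old flag-style clamav.conf format (not the posted file).
SAMPLE_CONF = """\
TCPSocket 3310
#TCPAddr 127.0.0.1
ThreadTimeout 0
FollowDirectorySymlinks
#MaxDirectoryRecursion 15
#StreamSaveToDisk
#ScanMail
VirusEvent /usr/local/bin/notify %f %v
#User defang
"""

def active_directives(text):
    """Map each uncommented directive to its value ('' for bare flags)."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            active[parts[0]] = parts[1] if len(parts) > 1 else ""
    return active

def audit(text):
    """Return (directive, reason) pairs for settings the comments warn about."""
    c = active_directives(text)
    checks = [
        ("TCPAddr", "TCPSocket" in c and "TCPAddr" not in c,
         "TCP socket binds to INADDR_ANY"),
        ("ThreadTimeout", c.get("ThreadTimeout") == "0",
         "scan timeout disabled; increase it instead"),
        ("MaxDirectoryRecursion",
         "FollowDirectorySymlinks" in c and "MaxDirectoryRecursion" not in c,
         "directory symlinks followed with no recursion limit"),
        ("VirusEvent", "%f" in c.get("VirusEvent", ""),
         "file name is substituted into a command line"),
        ("User", "User" not in c,
         "clamd does not drop the privileges it was started with"),
        ("StreamSaveToDisk", "StreamSaveToDisk" not in c,
         "streamed input is not saved to disk for scanning within archives"),
        ("ScanMail", "ScanMail" not in c, "mail scanning not enabled"),
    ]
    return [(name, why) for name, failed, why in checks if failed]

if __name__ == "__main__":
    for name, why in audit(SAMPLE_CONF):
        print(f"{name}: {why}")
```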

[Clamav-users] Base64/Zip problem

2004-02-12 Thread Peter McCreath
Hallo All, 
Thanks for an excellent product, but I have a slight
problem and am in need of some pointers.

I am using
Clamav-0.66
Mimedefang-2.39

I'm still getting viruses past the scanner. I *think*
this is due to either a problem with my zip or due to
Base64 encoding.

Any ideas as to where to start looking, would be
greatly appreciated. 

Many thanks in Advance, 

regards 
Peter
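
One place to start looking, as an added example that is not part of the original post: a check that shows at which decoding layer the content of a base64-encoded zip attachment becomes visible to a scanner, and that flags password-protected members, which is the question raised elsewhere in these threads. The marker string, addresses and file names are constructed; the marker is a harmless stand-in, not a real signature or test file.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Constructed, harmless stand-in for a signature match.
MARKER = b"CONSTRUCTED-SCANNER-TEST-MARKER"

def build_sample_message():
    """Constructed mail with one base64-encoded zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("bill.txt", (MARKER + b"\n") * 40)
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="bill.zip")
    return msg.as_bytes(), buf.getvalue()

def scan_layers(raw_message, max_members=100, max_bytes=10 * 1024 * 1024):
    """List every layer at which MARKER is visible, or a member is unreadable."""
    hits = []
    if MARKER in raw_message:
        hits.append("raw message")
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""   # undoes base64 / QP
        name = part.get_filename() or part.get_content_type()
        if MARKER in body:
            hits.append(f"decoded part {name}")
        if zipfile.is_zipfile(io.BytesIO(body)):
            with zipfile.ZipFile(io.BytesIO(body)) as zf:
                for info in zf.infolist()[:max_members]:
                    if info.flag_bits & 0x1:          # encrypted: cannot be scanned
                        hits.append(f"encrypted member {name}!{info.filename}")
                    elif info.file_size <= max_bytes and MARKER in zf.read(info):
                        hits.append(f"zip member {name}!{info.filename}")
    return hits

if __name__ == "__main__":
    raw, _ = build_sample_message()
    print(scan_layers(raw))
```

If only the last layer reports a hit, a scanner that is handed the undecoded message or the still-compressed attachment has nothing to match against, so the mail and archive decoding steps are the ones to verify first.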


