RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Wed, 2005-09-28 at 02:13, Damian Menscher wrote:
> If you look up --bounce in man clamav-milter, it says
>
>     Send a spam to the spoofed sender. This will help advertize ClamAV. Note: this may cause you to be referred to as an `idiot' by clueful mailserver administrators worldwide.

No it does not. Retract that statement immediately.

> Damian Menscher

___ http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
Damian Menscher wrote:
> On Tue, 27 Sep 2005, [EMAIL PROTECTED] wrote:
> > > Dag has it set to spam the spoofed senders
> >
> > Um, does he? By my reading of http://dag.wieers.com/packages/clamav/clamav.spec
> > ...
> > --noreject
>
> Rather convenient of you to snip THE NEXT LINE:
>
>     -obl local:%{_localstatedir}/clamav/clmilter.socket
>
> Note that the -b is short for --bounce.

Missed that one. So he has both --bounce and --noreject??? LOL

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
Matthew van Eerde wrote:
> Damian Menscher wrote:
> > On Tue, 27 Sep 2005, [EMAIL PROTECTED] wrote:
> > > > Dag has it set to spam the spoofed senders
> > >
> > > Um, does he? By my reading of http://dag.wieers.com/packages/clamav/clamav.spec
> > > ...
> > > --noreject
> >
> > Rather convenient of you to snip THE NEXT LINE:
> >
> >     -obl local:%{_localstatedir}/clamav/clmilter.socket
> >
> > Note that the -b is short for --bounce.

OK, in the interest of fairness, here's the list of flags:

    %{__cat} <<EOF >clamav-milter.sysconfig
    ### Simple config file for clamav-milter, you should
    ### read the documentation and tweak it as you wish.
    CLAMAV_FLAGS=
    --config-file=%{_sysconfdir}/clamd.conf
    --max-children=10
    --force-scan
    --quiet
    --dont-log-clean
    --noreject
    -obl local:%{_localstatedir}/clamav/clmilter.socket
    EOF

The relevant entries... which all seem to conflict... are:

    --quiet
    --noreject
    --bounce (AKA -b)

--noreject: to respond OK rather than REJECT on the data phase.
--bounce: send a virus found message to the sender and the postmaster.
--quiet: DON'T send a virus found message to ANYBODY.

So --bounce and --quiet conflict. According to man clamav-milter on my system, --quiet wins.

So the net effect seems to be that this config should silently absorb viruses - accept, destroy, don't deliver.

Or did I miss something else?

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer

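Added example (not part of the thread, and not ClamAV or Dag Wieers code): a small audit of a CLAMAV_FLAGS string that expands clustered short options such as -obl, so a --bounce hidden inside a cluster is not missed, and then applies the precedence reported in the message above (--quiet beats --bounce). The names parse_flags, effective_policy and DAG_FLAGS are illustrative, only the -b alias stated in the thread is mapped, and the precedence is taken from the poster's reading of the man page rather than checked against the ClamAV source.

```python
import shlex

# The only alias the thread states: -b is short for --bounce.
SHORT_ALIASES = {"b": "--bounce"}

# Constructed from the CLAMAV_FLAGS value quoted in the thread.
DAG_FLAGS = """
--config-file=%{_sysconfdir}/clamd.conf --max-children=10 --force-scan
--quiet --dont-log-clean --noreject
-obl local:%{_localstatedir}/clamav/clmilter.socket
"""


def parse_flags(flag_string):
    """Return the set of option names, expanding clustered short options."""
    seen = set()
    for token in shlex.split(flag_string):
        if token.startswith("--"):
            # Drop any "=value" part: --max-children=10 -> --max-children
            seen.add(token.split("=", 1)[0])
        elif token.startswith("-") and len(token) > 1:
            # "-obl" is three short options; map the ones the thread names.
            for letter in token[1:]:
                seen.add(SHORT_ALIASES.get(letter, "-" + letter))
        # Anything else (here the socket path) is a positional argument.
    return seen


def effective_policy(flag_string):
    """Apply the behaviour described in the thread to a flag string."""
    flags = parse_flags(flag_string)
    bounce = "--bounce" in flags
    quiet = "--quiet" in flags
    notify = bounce and not quiet  # per the thread, --quiet wins
    policy = {
        "smtp_reply": "accept" if "--noreject" in flags else "reject",
        "notify_sender": notify,
        "ignored": ["--bounce"] if bounce and quiet else [],
        "warnings": [],
    }
    if notify:
        policy["warnings"].append(
            "virus notices are mailed to the sender address, which is spoofed")
    if policy["ignored"]:
        policy["warnings"].append(
            "--bounce is set but overridden by --quiet; remove it")
    if policy["smtp_reply"] == "accept" and not notify:
        policy["warnings"].append(
            "infected mail is accepted and silently discarded")
    return policy


if __name__ == "__main__":
    print(effective_policy(DAG_FLAGS))
    print(effective_policy(DAG_FLAGS.replace("--quiet", "")))
```
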
RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Wed, 28 Sep 2005, Nigel Horne wrote:
> On Wed, 2005-09-28 at 02:13, Damian Menscher wrote:
> > If you look up --bounce in man clamav-milter, it says
> >
> >     Send a spam to the spoofed sender. This will help advertize ClamAV. Note: this may cause you to be referred to as an `idiot' by clueful mailserver administrators worldwide.
>
> No it does not. Retract that statement immediately.

Oh, sorry. That's what it says in my (patched) version. The released version may say something different.

Nigel, why does this option exist? It's well known to be stupid. Isn't it about time it was removed from the codebase?

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Wed, 28 Sep 2005, Damian Menscher wrote:
> > No it does not. Retract that statement immediately.
>
> Oh, sorry. That's what it says in my (patched) version. The released version may say something different.

Personally I like your version better. If the option can't be removed, you should submit the documentation patch.

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Wed, 28 Sep 2005, [EMAIL PROTECTED] wrote:
> OK, in the interest of fairness, here's the list of flags:
>
>     %{__cat} <<EOF >clamav-milter.sysconfig
>     ### Simple config file for clamav-milter, you should
>     ### read the documentation and tweak it as you wish.
>     CLAMAV_FLAGS=
>     --config-file=%{_sysconfdir}/clamd.conf
>     --max-children=10
>     --force-scan
>     --quiet
>     --dont-log-clean
>     --noreject
>     -obl local:%{_localstatedir}/clamav/clmilter.socket
>     EOF
>
> The relevant entries... which all seem to conflict... are:
>
>     --quiet
>     --noreject
>     --bounce (AKA -b)
>
> --noreject: to respond OK rather than REJECT on the data phase.
> --bounce: send a virus found message to the sender and the postmaster.
> --quiet: DON'T send a virus found message to ANYBODY.
>
> So --bounce and --quiet conflict. According to man clamav-milter on my system, --quiet wins.
>
> So the net effect seems to be that this config should silently absorb viruses - accept, destroy, don't deliver.
>
> Or did I miss something else?

You're right. I was (incorrectly) thinking that --bounce overrides --quiet (which would make more sense than the actual behavior, IMHO, since having options get ignored seems strange, especially when a different behavior that would make sense).

So, Dag's package doesn't send bounce messages. But it has plenty of other problems, like running freshclam only daily, not using DNSDatabaseInfo, not running clamdwatch or clmilter_watch, not logging through syslog, etc.

As I said, I suggested changes to Dag on Aug 14, but they didn't make it into his .spec file. And, until they do, I'll continue to warn people away from using his clamav package.

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Wed, 2005-09-28 at 12:40 -0500, Damian Menscher wrote:
> You're right. I was (incorrectly) thinking that --bounce overrides --quiet (which would make more sense than the actual behavior, IMHO, since having options get ignored seems strange, especially when a different behavior that would make sense).

I was worried there for a second, until I realized that I don't use clam-milter. I instead run clamav via the socket from mimedefang, which is a better way to go anyway.

> So, Dag's package doesn't send bounce messages. But it has plenty of other problems, like running freshclam only daily, not using DNSDatabaseInfo, not running clamdwatch or clmilter_watch, not logging through syslog, etc.

In fairness, you should always set up your own freshclam stuff anyway so as to spread the updates out. I use dag packages but I set crontab to a pseudo-random minute (pick a number) every hour run freshclam. I am using dag's packages on 3 servers and each hour I get the latest update.

> As I said, I suggested changes to Dag on Aug 14, but they didn't make it into his .spec file. And, until they do, I'll continue to warn people away from using his clamav package.

Definitely don't run it blindly. I use clamav with mimedefang (all from dag's packages) and have things set up and running without any problems.

> Damian Menscher

--
Michael Torrie [EMAIL PROTECTED]

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Tue, 2005-09-27 at 18:45 -0500, Damian Menscher wrote:
> I would recommend NOT running those RPMs, unless you do heavy modification of the configuration. Dag has it set to spam the spoofed senders (WHY IS THIS EVEN A VALID OPTION IN CLAMAV?). I emailed him about getting a reasonable configuration last month, but got no response. I'll try pinging him again on it, since having a fairly standard RPM would be helpful for many smalltime-admins out there.

This is only clam-milter that is affected by the bounce options, right? I run clam in standalone mode using mimedefang as the milter (with custom handling of virus e-mails). Seems to be much better than running just clam-milter. Anyone who is running clamav-milter, I recommend switching to mimedefang. Many more possibilities for filtering.

> Damian Menscher

--
Michael Torrie [EMAIL PROTECTED]

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
Michael Torrie wrote:
> This is only clam-milter that is affected by the bounce options, right? I run clam in standalone mode using mimedefang as the milter (with custom handling of virus e-mails). Seems to be much better than running just clam-milter. Anyone who is running clamav-milter, I recommend switching to mimedefang. Many more possibilities for filtering.

I run clamav-milter (to clamd, with --external) first, then MIMEDefang. I figure if I can reject the viral mail with a cheap clamav-milter call, and avoid tying up a memory-hungry MIMEDefang thread unnecessarily, I can use the MIMEDefang thread somewhere else (like running a SpamAssassin check, for example.)

I occasionally consider writing a Mail::SpamAssassin::Client module to lighten up the MIMEDefang threads, too... just run a few spamd threads and have the MIMEDefang threads share...

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer

Re: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
David Shows wrote:
| Morning all,
|
| My version of ClamAV .85 has become outdated and I need to upgrade.
|Unfortunately I get error messages when I try to use RPM to upgrade because
|of incompatibilities with zlib packages. I have not tried to ignore the
|issues and force an install, but running out of ideas.
|
| Anyone upgrade with RedHat yet and solve the RPM issues? Would like to
|know how you solved them.
|
|Thanks much,
|
|David Shows
|MegaGate Broadband
|

Depends, If you have the latest RPMS from RedHat that fix the major important security issues, then most likely you can ignore the error and force the issue or compile the source with the flag that skips the ZLib version check.

RedHat has a tendency to just patch the security vulnerability and just increment the package number without changing the major version number of the package.

If you don't have the latest from RedHat, then please update to the latest and again ignore the problem and force the issue.

It would be interesting to find out where you are getting the clamav RPMs for this version of RedHat.

James

--
Scanned by ClamAV - http://www.clamav.net

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
Excellent. I'll go ahead and push this through. Thanks for the help.

David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Kosin
Sent: Tuesday, September 27, 2005 10:27 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2

David Shows wrote:
| Morning all,
|
| My version of ClamAV .85 has become outdated and I need to upgrade.
|Unfortunately I get error messages when I try to use RPM to upgrade because
|of incompatibilities with zlib packages. I have not tried to ignore
|the issues and force an install, but running out of ideas.
|
| Anyone upgrade with RedHat yet and solve the RPM issues? Would like
|to know how you solved them.
|
|Thanks much,
|
|David Shows
|MegaGate Broadband
|

Depends, If you have the latest RPMS from RedHat that fix the major important security issues, then most likely you can ignore the error and force the issue or compile the source with the flag that skips the ZLib version check.

RedHat has a tendency to just patch the security vulnerability and just increment the package number without changing the major version number of the package.

If you don't have the latest from RedHat, then please update to the latest and again ignore the problem and force the issue.

It would be interesting to find out where you are getting the clamav RPMs for this version of RedHat.

James

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.7/112 - Release Date: 9/26/2005

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.7/112 - Release Date: 9/26/2005

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Tue, 2005-09-27 at 10:31 -0500, David Shows wrote:
> Excellent. I'll go ahead and push this through. Thanks for the help.

Also Dag Wieers has packages (fairly up-to-date) of clamav for all the RedHat distros including EL and FC. See http://dag.wieers.com/home-made/apt/packages.php

> David
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Kosin
> Sent: Tuesday, September 27, 2005 10:27 AM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
>
> David Shows wrote:
> | Morning all,
> |
> | My version of ClamAV .85 has become outdated and I need to upgrade.
> |Unfortunately I get error messages when I try to use RPM to upgrade because
> |of incompatibilities with zlib packages. I have not tried to ignore
> |the issues and force an install, but running out of ideas.
> |
> | Anyone upgrade with RedHat yet and solve the RPM issues? Would like
> |to know how you solved them.
> |
> |Thanks much,
> |
> |David Shows
> |MegaGate Broadband
> |
>
> Depends, If you have the latest RPMS from RedHat that fix the major important security issues, then most likely you can ignore the error and force the issue or compile the source with the flag that skips the ZLib version check.
>
> RedHat has a tendency to just patch the security vulnerability and just increment the package number without changing the major version number of the package.
>
> If you don't have the latest from RedHat, then please update to the latest and again ignore the problem and force the issue.
>
> It would be interesting to find out where you are getting the clamav RPMs for this version of RedHat.
>
> James

--
Michael Torrie [EMAIL PROTECTED]

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Tue, 27 Sep 2005, Michael Torrie wrote:
> On Tue, 2005-09-27 at 10:31 -0500, David Shows wrote:
> > Excellent. I'll go ahead and push this through. Thanks for the help.
>
> Also Dag Wieers has packages (fairly up-to-date) of clamav for all the RedHat distros including EL and FC. See http://dag.wieers.com/home-made/apt/packages.php

I would recommend NOT running those RPMs, unless you do heavy modification of the configuration. Dag has it set to spam the spoofed senders (WHY IS THIS EVEN A VALID OPTION IN CLAMAV?). I emailed him about getting a reasonable configuration last month, but got no response. I'll try pinging him again on it, since having a fairly standard RPM would be helpful for many smalltime-admins out there.

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
Damian Menscher wrote:
> On Tue, 27 Sep 2005, Michael Torrie wrote:
> > Also Dag Wieers has packages (fairly up-to-date) of clamav for all the RedHat distros including EL and FC. See http://dag.wieers.com/home-made/apt/packages.php
>
> I would recommend NOT running those RPMs, unless you do heavy modification of the configuration. Dag has it set to spam the spoofed senders (WHY IS THIS EVEN A VALID OPTION IN CLAMAV?).

Um, does he? By my reading of http://dag.wieers.com/packages/clamav/clamav.spec

    ...
    %{__cat} <<EOF >clamav-milter.sysconfig
    ### Simple config file for clamav-milter, you should
    ### read the documentation and tweak it as you wish.
    ...
    --noreject

... he has it set to absorb viruses (don't reject, don't deliver, don't bounce)

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
On Tue, 27 Sep 2005, [EMAIL PROTECTED] wrote:
> Damian Menscher wrote:
> > On Tue, 27 Sep 2005, Michael Torrie wrote:
> > > Also Dag Wieers has packages (fairly up-to-date) of clamav for all the RedHat distros including EL and FC. See http://dag.wieers.com/home-made/apt/packages.php
> >
> > I would recommend NOT running those RPMs, unless you do heavy modification of the configuration. Dag has it set to spam the spoofed senders (WHY IS THIS EVEN A VALID OPTION IN CLAMAV?).
>
> Um, does he? By my reading of http://dag.wieers.com/packages/clamav/clamav.spec
>
>     ...
>     %{__cat} <<EOF >clamav-milter.sysconfig
>     ### Simple config file for clamav-milter, you should
>     ### read the documentation and tweak it as you wish.
>     ...
>     --noreject
>
> ... he has it set to absorb viruses (don't reject, don't deliver, don't bounce)

Rather convenient of you to snip THE NEXT LINE:

    -obl local:%{_localstatedir}/clamav/clmilter.socket

Note that the -b is short for --bounce. If you look up --bounce in man clamav-milter, it says

    Send a spam to the spoofed sender. This will help advertize ClamAV. Note: this may cause you to be referred to as an `idiot' by clueful mailserver administrators worldwide.

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-

RE: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
Damian Menscher said:
> Rather convenient of you to snip THE NEXT LINE:
>
>     -obl local:%{_localstatedir}/clamav/clmilter.socket
>
> Note that the -b is short for --bounce. If you look up --bounce in man clamav-milter, it says
>
>     Send a spam to the spoofed sender. This will help advertize ClamAV. Note: this may cause you to be referred to as an `idiot' by clueful mailserver administrators worldwide.

Interesting you should say that as that was going to be my response to you regarding Dag in your earlier post. People who do this are idiots, in fact. I normally put them in my access.db file and never hear from them again.

dp