Re: [clamav-users] Please help

[Jan Elliott]

Thanx very much!  I'll give it a try ASAP.   Jan

=>> Jan,
=>>
=>> Look in clamd.conf for something like:
=>>
=>> LocalSocket /var/run/clamav/clamd.ctl
=>> FixStaleSocket true
=>> LocalSocketGroup clamav
=>> LocalSocketMode 666
=>>
=>> or
=>>
=>> TCPSocket 3310
=>> TCPAddr xxx.xxx.xxx.xxx
=>>
=>> Sincerely,
=>>
=>> Eric Tykwinski
=>> TrueNet, Inc.
=>> P: 610-429-8300
=>>
=>> -Original Message-
=>> From: clamav-users

=>> On Behalf Of Jan
=>> Elliott
=>> Sent: Wednesday, August 31, 2022 3:05 PM
=>> To: clamd user questions 
=>> Subject: [clamav-users] Please help
=>>
=>> TO:  "clamd user questions"
=>> 
=>>
=>> QUESTION:  When I try to execute the command "clamd"  I
=>> get the following
=>> message:
=>>ERROR: Please define server type (local and/or TCP)
=>>
=>> BACKGROUND; I worked in Bell Labs for 17 years, where I
=>> learned UNIX. After
=>> leaving, I got assistance from a former co-worker to
=>> install Linux on my
=>> laptop in 2002.
=>> Since then, I've used Fedora Red Hat versions 12, 24, and
=>> recently had my
=>> laptop upgraded to version 36. My experience with system
=>> administration is
=>> limited and I no longer have someone with UNIX/Linux
admin
=>> knowledge to
=>> assist me. The person who installed Fedora v36
suggested I
=>> try CLAMD to get
=>> rid of a virus/whatever that apparently infected my
Chrome
=>> browser when I
=>> went to a music site I had been using for several years;
=>> the site now causes
=>> continual pornographic pop-ups!!
=>>
=>> I also have a Firefox browser and used it to download a
=>> new Chrome after I
=>> deleted the infected one, but I still get the pop-ups.
Was
=>> able to install
=>> CLAMD (rpm) and have read most of the man pages I could
=>> find, and checked
=>> what configuration files, etc., I could find, but still
=>> get the ERROR
=>> message.  What do I need to read, edit, run, etc. to
=>> successfully get the
=>> "clamd" command to work.
=>>
=>> HELP, please!!!   Thanx,  Jan Elliott
=>>
=>> ___
=>>
=>> clamav-users mailing list
=>> clamav-users@lists.clamav.net
=>> https://lists.clamav.net/mailman/listinfo/clamav-users
=>>
=>>
=>> Help us build a comprehensive ClamAV guide:
=>> https://github.com/Cisco-Talos/clamav-documentation
=>>
=>> https://docs.clamav.net/#mailing-lists-and-chat
=>>
=>>
=>> ___
=>>
=>> clamav-users mailing list
=>> clamav-users@lists.clamav.net
=>> https://lists.clamav.net/mailman/listinfo/clamav-users
=>>
=>>
=>> Help us build a comprehensive ClamAV guide:
=>> https://github.com/Cisco-Talos/clamav-documentation
=>>
=>> https://docs.clamav.net/#mailing-lists-and-chat
=>>


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] Please help

[Jan Elliott]

Hello -- Thanx for your response, although it really
doesn't help, since I do seem to need a CURE for the
infection I already have.  The pop-ups only start when I
open the Chrome browser and they don't go away until I
reboot. The "virus" (or whatever the problem is called in
this instance) came from a specific website that I have
used many times over the past few years; I wish there was
some way I could warn people to NOT use this site...
unless they're into porn...

I gave my machine to a local shop to assist with some
error messages I started getting  when I booted the Linux
partition (I have Windows on another partition that I
rarely used and NEVER connect to the internet with any
Windows OS!). The techie found that the machine needed to
have more space to get rid of the error messages and
suggested the best way to get ahead of the problem was to
upgrade to the current Linus version, meaning going from
Fedora v24 to v36. As I didn't know at the time that such
an extensive re-do was needed, I didn't make a backup
before I turned over the laptop. I did try to do a backup
recently, but it failed because there wasn't enough room
on the USB drive I tried to use. Was planning to get a
larger drive, but not sure if doing a backup now will do
any good with the screwed-up Chrome browser I now have.
Would you think that removing the browser, then doing a
backup of my $HOME, would be of any help?

I tried to search through as many of the ASCII files that
seem to be part of the ClamD suite, looking for words
like: server, TCP, Linux.  I didn't find any, and tried to
use some of the config tools to set the appropriate
variables, but didn't find what I thought I should be
looking for.

As I said, I am not an experienced system administrator,
getting only some formal training at Bell Labs with the
AT 3B2 computer, and those were pretty stable and the
machines I was in charge of (aka "babysitting") were used
for specific testing, not general usage for all those in
my organization. And the Labs only started using more
Linux after I left.  I've educated myself as best possible
(given that computers are no longer part of my job, since
I'm now retired), using various books I've purchased and
whatever on-line info I've stumbled across. But I'd rather
be not-very-good with Linux than an expert with a Windows
OS!!  The longer I've been away from the Labs, the more
friends and co-workers I lose touch with, so I turn to
"outside" help wherever I can find it.  I've already used
"man" for most of the ClamD commands and tools available,
but sometimes it's better for me to just seek guidance
from any expert whose willing to give me some advise, and
for that I thank you!!

If I totally stop using Chrome, my system seems to be safe
and deleting that browser seems to be called for...
AGAIN...  Since installing the different Linux versions
were done by others (first by a friend with any early text
version, then by "Linux Certified" when I purchased 2
ThinkPads over a period of about 15 years, and they
probably used "rpm" which I only used for the very first
time to re-install Chrome in the hopes of replacing the
"damaged" browser with one that didn't cause those nasty
pop-ups), at least I now know the basics of rpm.

If ClamD is really not what would help me best, do you
have any suggestions (or, better still, recommendations)
for an actual CURE that might work?  I've always thought
Linux to be almost as bullet-proof as UNIX, so this
episode with these pop-ups has been an eye-opener, one
that I could have done without!!!

Again, thanx for your response, and, if you have any
further thoughts, I'd be interested in hearing from you
again.  Jan

=>> Hi there,
=>>
=>> On Wed, 31 Aug 2022, Jan Elliott wrote:
=>>
=>>> TO:  "clamd user questions"
=>>> 
=>>>
=>>> QUESTION:  When I try to execute the command "clamd"  I
=>>> get the following message:
=>>>   ERROR: Please define server type (local and/or TCP)
=>>
=>> The tool (possibly 'clamdscan', but whatever it is) which
=>> tells clamd
=>> what it is to scan communicates with clamd through a
=>> socket.  Running
=>> clamd on Linux, most people most of the time configure
=>> clamd to use a
=>> Unix socket but it can also use a TCP socket.  You
need to
=>> choose one.
=>> Using a TCP socket may have security implications which I
=>> don't think
=>> you need to worry about in your present situation.
=>>
=>>
https://docs.clamav.net/manual/Usage/Configuration.html#clamdconf
=>>
=>> and try the command
=>>
=>> man clamd.conf
=>>
=>> Look for the configuration options which start with "TCP"
=>> and also
=>> those which contain the word "Socket".
=>>
=>>>  The person who installed Fedora v36 suggested I
=>>> try CLAMD to get rid of a virus/whatever that apparently
=>>> infected my Chrome browser ...
=>>
=>> Try to think of ClamAV as an attempt to prevent rather
=>> than a cure.
=>>
=>> It isn't generally a good idea to try to get an infected
=>> system to
=>> repair itself.  If the criminals who 

Re: [clamav-users] Please help

[G.W. Haywood via clamav-users]

Hi there,

On Wed, 31 Aug 2022, Jan Elliott wrote:


TO:  "clamd user questions" 

QUESTION:  When I try to execute the command "clamd"  I
get the following message:
  ERROR: Please define server type (local and/or TCP)


The tool (possibly 'clamdscan', but whatever it is) which tells clamd
what it is to scan communicates with clamd through a socket.  Running
clamd on Linux, most people most of the time configure clamd to use a
Unix socket but it can also use a TCP socket.  You need to choose one.
Using a TCP socket may have security implications which I don't think
you need to worry about in your present situation.

https://docs.clamav.net/manual/Usage/Configuration.html#clamdconf

and try the command

man clamd.conf

Look for the configuration options which start with "TCP" and also
those which contain the word "Socket".


 The person who installed Fedora v36 suggested I
try CLAMD to get rid of a virus/whatever that apparently
infected my Chrome browser ...


Try to think of ClamAV as an attempt to prevent rather than a cure.

It isn't generally a good idea to try to get an infected system to
repair itself.  If the criminals who produced the malicious code are
any good at their jobs - and some of them are *very* good because it
can pay well - they will have ways of preventing something like ClamAV
from doing its job.  There might easily be hundreds of compromised
executables in the box.  If you try to replace them all, you only need
to miss one for the exercise to be pointless.  You could never be sure
that you'd found everything, and you might waste a lot of time finding
out that you hadn't.

My advice is to wipe the system and start from scratch.  Thesedays it
seems that even that isn't always enough and if the threat has reached
into the firmware then you might need to write off the machine, or at
least substantial parts of it.  It isn't an especially likely outcome,
but it's one that you should bear in mind.

What's the state of your backups?

--

73,
Ged.
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] Please help

[Eric Tykwinski via clamav-users]

Jan,

Look in clamd.conf for something like:

LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666

or

TCPSocket 3310
TCPAddr xxx.xxx.xxx.xxx

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-Original Message-
From: clamav-users  On Behalf Of Jan
Elliott
Sent: Wednesday, August 31, 2022 3:05 PM
To: clamd user questions 
Subject: [clamav-users] Please help

TO:  "clamd user questions" 

QUESTION:  When I try to execute the command "clamd"  I get the following
message:
   ERROR: Please define server type (local and/or TCP)

BACKGROUND; I worked in Bell Labs for 17 years, where I learned UNIX. After
leaving, I got assistance from a former co-worker to install Linux on my
laptop in 2002.
Since then, I've used Fedora Red Hat versions 12, 24, and recently had my
laptop upgraded to version 36. My experience with system administration is
limited and I no longer have someone with UNIX/Linux admin knowledge to
assist me. The person who installed Fedora v36 suggested I try CLAMD to get
rid of a virus/whatever that apparently infected my Chrome browser when I
went to a music site I had been using for several years; the site now causes
continual pornographic pop-ups!!

I also have a Firefox browser and used it to download a new Chrome after I
deleted the infected one, but I still get the pop-ups. Was able to install
CLAMD (rpm) and have read most of the man pages I could find, and checked
what configuration files, etc., I could find, but still get the ERROR
message.  What do I need to read, edit, run, etc. to successfully get the
"clamd" command to work.

HELP, please!!!   Thanx,  Jan Elliott

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] Please help to check the Mirror 140.128.9.18

[Tom Judge]

Hi Michael,

On Wed, May 23, 2012 at 9:02 PM, Michael Wu chmichae...@gmail.com wrote:
    Hello,

    In the logwatch report, we see the message as follows,

   Last Status:
    main.cld is up to date (version: 54, sigs: 1044387, f-level: 60,
 builder: sven)
    Downloading daily-14952.cdiff [100%]
    Downloading daily-14953.cdiff [100%]
    WARNING: getfile: daily-14954.cdiff not found on remote server (IP:
 140.128.9.18)
    WARNING: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
    WARNING: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
    ERROR: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Downloading daily.cvd [100%]
    WARNING: Mirror 140.128.9.18 is not synchronized.
    Update failed. Your network may be down or none of the mirrors listed
 in /etc/freshclam.conf is working. Check
 http://www.clamav.net/support/mirror-problem for possible reasons.

    Please help to check if the Mirror 140.128.9.18 is normal or not. In
 our freshclam.conf, we use the default setting DatabaseMirror
 database.clamav.net.


This mirror seems to have failed to sync one of the cdiff file's on
its last run. I will try to find out more information on why.


 P.S.: I haven't received this mailinglist letter since 05/19. Is that
 normal ? The last mail I receive is Vol. 92 issue 13. Thank you.

I will chase this issue with the mailing list admin team now.

Tom

-- 
Senior Research Engineer
SourceFire Vulnerability Research Team
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Please help to check the Mirror 140.128.9.18

[Tom Judge]

On Thu, May 24, 2012 at 11:15 AM, Tom Judge tju...@sourcefire.com wrote:
 Hi Michael,

 On Wed, May 23, 2012 at 9:02 PM, Michael Wu chmichae...@gmail.com wrote:
    Hello,

    In the logwatch report, we see the message as follows,

   Last Status:
    main.cld is up to date (version: 54, sigs: 1044387, f-level: 60,
 builder: sven)
    Downloading daily-14952.cdiff [100%]
    Downloading daily-14953.cdiff [100%]
    WARNING: getfile: daily-14954.cdiff not found on remote server (IP:
 140.128.9.18)
    WARNING: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
    WARNING: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
    ERROR: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Downloading daily.cvd [100%]
    WARNING: Mirror 140.128.9.18 is not synchronized.
    Update failed. Your network may be down or none of the mirrors listed
 in /etc/freshclam.conf is working. Check
 http://www.clamav.net/support/mirror-problem for possible reasons.

    Please help to check if the Mirror 140.128.9.18 is normal or not. In
 our freshclam.conf, we use the default setting DatabaseMirror
 database.clamav.net.


 This mirror seems to have failed to sync one of the cdiff file's on
 its last run. I will try to find out more information on why.


This issue should have been resolved now.

Thanks for reporting this to us.

Tom

-- 
Senior Research Engineer
SourceFire Vulnerability Research Team
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Please help to check the Mirror 140.128.9.18

[Michael Wu]

 Message: 8
 Date: Thu, 24 May 2012 09:02:28 +0800
 From: Michael Wu chmichae...@gmail.com
 Subject: [clamav-users] Please help to check the Mirror 140.128.9.18
 To: clamav-users@lists.clamav.net
 Message-ID:
CANyeHtMw=_YoZfrTgcMzRCH6WdKk93=MGpHROCSurGPB+3k=1...@mail.gmail.com
 
 Content-Type: text/plain; charset=UTF-8

Hello,

In the logwatch report, we see the message as follows,

   Last Status:
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60,
 builder: sven)
Downloading daily-14952.cdiff [100%]
Downloading daily-14953.cdiff [100%]
WARNING: getfile: daily-14954.cdiff not found on remote server (IP:
 140.128.9.18)
WARNING: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
WARNING: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
ERROR: getpatch: Can't download daily-14954.cdiff from
 database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 140.128.9.18 is not synchronized.
Update failed. Your network may be down or none of the mirrors listed
 in /etc/freshclam.conf is working. Check
 http://www.clamav.net/support/mirror-problem for possible reasons.

Please help to check if the Mirror 140.128.9.18 is normal or not. In
 our freshclam.conf, we use the default setting DatabaseMirror
 database.clamav.net.

Thank you for assistance and best regards,


 Michael

 P.S.: I haven't received this mailinglist letter since 05/19. Is that
 normal ? The last mail I receive is Vol. 92 issue 13. Thank you.



  It is seemed that the Mirror 140.128.9.18 is back to normal again and
I have received the mailinglist letter. Thank you.


Michael
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Please help - Freshclam not updating.

[Todd Lyons]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Nov 01, 2007 at 08:02:58AM -0600, Milton Calnek wrote:

 With no other options, this smells like selinux.
 I second that.
Yah... I'm a die hard RedHat fan... but I haven't had time to explore 
selinux, so when I build a system, I turn it off.

Good to know, that's my SOP as well.

Here's something I just noticed... I did a packet sniff (once on 
internal interface and once on the external interface) while running a 
freshclam.  I did not observe any queries directed to ns1.clamav.net. 
During the internal sniff, I looked for dns queries as well... I didn't 
see any for clamav.net.

strace it running in the foreground (ie no daemonized) and see what's
failing.  It looks like your resolver isn't working as you would expect,
but that could be a problem with the build as well.  I would suggest
that you provide us with your exact freshclam config and the strace and
maybe Luca can spot where it's doing something unexpected.
- -- 
Regards...  Todd
There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo.  Please use in that order. --Ed Howdershelt
Linux kernel 2.6.22.9-desktop-1mdv   load average: 0.41, 0.58, 0.55
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHKd/RY2VBGxIDMLwRApBiAJ9/Ty9XnoDwD9ve1aXWJMLyuU0CPwCdF7IF
nmhPdwdwRYZmP+B2fuzTb9c=
=1Sn1
-END PGP SIGNATURE-
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help - Freshclam not updating.

[Milton Calnek]

Luca Gibelli wrote:
 Hello Todd,
 
 Check to make sure that your local iptables firewall and any firewall
 between you and the DNS server does not block TCP port 53 (which is what
 the fallback proto/port is if the DNS answer is more than 512 bytes).
 
 we put a lot of effort in keeping the size of the RR records under 512
 bytes, because TCP queries put too much load on the authoritative DNS 
 servers for clamav.net .

I read that off the FAQ and changed it a couple of weeks ago. Still no 
luck.  Thanks for the tip all the same.

  
 With no other options, this smells like selinux.
 
 I second that.

Yah... I'm a die hard RedHat fan... but I haven't had time to explore 
selinux, so when I build a system, I turn it off.

This system was built in May, freshclam ran well from then till around 
the end of September.

I used the rpm from rpmforge until a day or two ago. And now I'm using 
the rpm from ATrpms.

Here's something I just noticed... I did a packet sniff (once on 
internal interface and once on the external interface) while running a 
freshclam.  I did not observe any queries directed to ns1.clamav.net. 
During the internal sniff, I looked for dns queries as well... I didn't 
see any for clamav.net.

What else can I check out?


-- 
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help - Freshclam not updating.

[Todd Lyons]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Oct 31, 2007 at 11:33:17AM -0600, Milton Calnek wrote:

[EMAIL PROTECTED] ~]# host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text 0.91.2:44:4641:1193798066:1
[EMAIL PROTECTED] ~]# host db.ca.clamav.net
db.ca.clamav.net has address 24.215.0.24
db.ca.clamav.net has address 67.15.61.160
db.ca.clamav.net has address 205.139.192.213
db.ca.clamav.net has address 209.139.239.158

You obviously can get out to DNS servers.  That's good.

[EMAIL PROTECTED] ~]# freshclam
ClamAV update process started at Wed Oct 31 02:42:03 2007
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): ERROR: Can't get information about
db.ca.clamav.net: Temporary DNS error

Check to make sure that your local iptables firewall and any firewall
between you and the DNS server does not block TCP port 53 (which is what
the fallback proto/port is if the DNS answer is more than 512 bytes).

With no other options, this smells like selinux.

LibClamAV Error: Database Directory: /var/lib/clamav not locked

Odd error, I don't have any guesses at this one.

- -- 
Regards...  Todd
we're off on the usual strange tangents.  next will be whether
it is ethical to walk in your neighbor's open house if they're
running ipv6:-).  --Randy Bush
Linux kernel 2.6.22.9-desktop-1mdv   load average: 0.39, 0.55, 0.91
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHKNnFY2VBGxIDMLwRAtDOAJ0enS5UYEmwbDTP+HMm2a1rQKXYRgCdGlcD
8+o4Ms3CdEsulPhb7yZgfFk=
=/dMr
-END PGP SIGNATURE-
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help - Freshclam not updating.

[Rob MacGregor]

On 10/31/07, Milton Calnek [EMAIL PROTECTED] wrote:
 Hello all,

 About a month or so ago, freshclam stopped working for me.  At first I
 thought it might be a short outage, unfortunately that was not the case.

 First freshclams's query for current.cvd.clamav.net fails, but the query
 works when done from the command line.

 It also seems to fail getting info on db.ca.clamav.net, I'm not sure of
 the query involved for the db... but from the command line I can get
 address records.

 I have also tried using db.us.clamav.net and a couple of European
 mirrors too.

 This gateway server uses an internal server that queries root name
 servers and other authoritative name servers.

 I have also tried using my ISP's name server.

 With all combinations, I get more or less the same result.

 Any suggestions?

Two things,

1) You may be able to go standard DNS lookups, but can you lookup TXT
records?  Is DNS over TCP supported by your DNS server (many
organisations block it in the mistaken belief that it improves
security and breaks nothing)

2) See the last post in the thread titled ClamAV patch download not
working in South Africa

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help - Freshclam not updating.

[Luca Gibelli]

Hello Todd,

 Check to make sure that your local iptables firewall and any firewall
 between you and the DNS server does not block TCP port 53 (which is what
 the fallback proto/port is if the DNS answer is more than 512 bytes).

we put a lot of effort in keeping the size of the RR records under 512
bytes, because TCP queries put too much load on the authoritative DNS 
servers for clamav.net .
 
 With no other options, this smells like selinux.

I second that.


Best regards

-- 
Luca Gibelli (luca _at_ clamav.net)  ClamAV, a GPL anti-virus toolkit
[Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help - Freshclam not updating.

[Luca Gibelli]

Hello Rob,

  Any suggestions?
 Two things,
 
 1) You may be able to go standard DNS lookups, but can you lookup TXT
 records?  

he explicitly showed that he can.

 Is DNS over TCP supported by your DNS server (many
 organisations block it in the mistaken belief that it improves
 security and breaks nothing)

I agree that it's a mistake to block 53/tcp, but we don't have such big
records so this is not the cause of the problem.

 2) See the last post in the thread titled ClamAV patch download not
 working in South Africa

mirrors in Canada are working just fine.


Best regards

-- 
Luca Gibelli (luca _at_ clamav.net)  ClamAV, a GPL anti-virus toolkit
[Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Nigel Horne]

Jonathan Armitage [EMAIL PROTECTED] wrote:


Really off topic: the band I was bought in to conduct on Whit
Friday followed you at Uppermill...

--
Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Tutor, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Rob Sterenborg]

   So I decided to upgrade to 0.90.2,  from the old source directory I
   did a make uninstall.  I then did a find / -name clamav and
 deleted all the files
   located in all the clamav directories.
 
   I went into the 09.90.2 directory and did the following:
 
   /configure
   make
   make install
 
   When ever i did the make install  i got an follwowing error
 
   error while loading shared libraries: libclamav.so.1:
 cannot open shared object file: No such file or directory

Run ldconfig, see if that solves your problem. You might also check if
your ld.so.conf file is still correct (before running ldconfig).


Grts,
Rob
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Mohammed Ejaz]

Many thanks for u r answer,,

When i run ldconfig follwoing message appeared,  Let me tell you my setup 
Postfix+Amavisd-new+clamav+spamassasin in solrais 8

bash-2.03# ldconfig
bash: ldconfig: command not foun


- Original Message - 
From: Rob Sterenborg [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Wednesday, June 06, 2007 9:54 AM
Subject: Re: [Clamav-users] Please help me


   So I decided to upgrade to 0.90.2,  from the old source directory I
   did a make uninstall.  I then did a find / -name clamav and
 deleted all the files
   located in all the clamav directories.

   I went into the 09.90.2 directory and did the following:

   /configure
   make
   make install

   When ever i did the make install  i got an follwowing error

   error while loading shared libraries: libclamav.so.1:
 cannot open shared object file: No such file or directory

 Run ldconfig, see if that solves your problem. You might also check if
 your ld.so.conf file is still correct (before running ldconfig).


 Grts,
 Rob
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://lurker.clamav.net/list/clamav-users.html 

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Rob Sterenborg]

 Many thanks for u r answer,,
 
 When i run ldconfig follwoing message appeared,  Let me tell you my
 setup Postfix+Amavisd-new+clamav+spamassasin in solrais 8
 
 bash-2.03# ldconfig
 bash: ldconfig: command not foun

Well, it may have worked in Linux.
Don't know how Solaris works with dynamic libraries.


Grts,
Rob


 - Original Message -
 From: Rob Sterenborg [EMAIL PROTECTED]
 To: ClamAV users ML clamav-users@lists.clamav.net
 Sent: Wednesday, June 06, 2007 9:54 AM
 Subject: Re: [Clamav-users] Please help me
 
 
   So I decided to upgrade to 0.90.2,  from the old source directory
   I did a make uninstall.  I then did a find / -name clamav and
   deleted all the files located in all the clamav directories.
 
   I went into the 09.90.2 directory and did the following:
 
   /configure
   make
   make install
 
   When ever i did the make install  i got an follwowing error
 
   error while loading shared libraries: libclamav.so.1:
 cannot open shared object file: No such file or directory
 
 Run ldconfig, see if that solves your problem. You might also check
 if your ld.so.conf file is still correct (before running ldconfig).
 
 
 Grts,
 Rob
 ___
 Help us build a comprehensive ClamAV guide: visit
 http://wiki.clamav.net
 http://lurker.clamav.net/list/clamav-users.html 
 
 ___
 Help us build a comprehensive ClamAV guide: visit
 http://wiki.clamav.net
 http://lurker.clamav.net/list/clamav-users.html

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Andrew McGlashan]

Fajar A. Nugraha wrote:
   I went into the 09.90.2 directory and did the following:
   /configure
   make
   make install
 
   When ever i did the make install  i got an follwowing error
 
   error while loading shared libraries: libclamav.so.1:
 cannot open shared object file: No such file or directory
 
 I'm not sure how make install can complain about missing
 libclamav.so.1 since it's not supposed to be installed yet in the
 first place.

How about a:
  make clean
then?

Kind Regards

AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Fixed Line No: 03 8705 0300
Mobile: 04 2574 1827 Fax: 03 8790 1224

National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net

In Case of Emergency --  http://www.affinityvision.com.au/ice.html
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Jonathan Armitage]

Rob Sterenborg wrote:
 [EMAIL PROTECTED] wrote:
 Hi Ejaz,

 Mohammed Ejaz wrote:
 Any one please me in this


   I went into the 09.90.2 directory and did the following:

   /configure
   make
   make install

   When ever i did the make install  i got an follwowing error

   error while loading shared libraries: libclamav.so.1:
 cannot open shared object file: No such file or directory

 I'm not sure how make install can complain about missing
 libclamav.so.1 since it's not supposed to be installed yet in
 the first place.
 
 Yes, but libclamav.so.1 is a library from ClamAV-0.88.x. Since the OP
 just uninstalled that version, the OS still appears to remember that
 the old lib is there. That's what may happen in Linux, hence the
 ldconfig hint to make the OS forget it's there.
 
 I have not worked with Solaris so I don't know how to solve this.
 Maybe a reboot will help.. grin
 
The Solaris command you are looking for is crle:

crle - configure runtime linking environment.

You need to add the paths to the libraries you need to build clamav. But I 
don't think that's your problem, because if the paths were wrong the make would 
fail.

Check that there is not a symlink lurking somewhere along the lines of

lrwxrwxrwx   1 root root  18 Apr 16 16:41 libclamav.so - 
libclamav.so.2.0.2

but pointing to libclamav.so.1

Jon
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Jose Alf.]

Mohammed,

Most likely the binaries were not linked properly
using the -R flag in Solaris. The following thread has
more information about this
http://www.dbforums.com/showthread.php?t=848174

You can check where the new binaries are looking for
the libclamav.so.1 library running the command

ldd /path/to/clamd

After that, you can create a link from the actual path
to the path the program expects, like so:

ln -s /usr/local/lib/libclamav.so.1
/usr/lib/libclamav.so.1

Regards,
Jose

--- Mohammed Ejaz [EMAIL PROTECTED] wrote:

 Many thanks for u r answer,,
 
 When i run ldconfig follwoing message appeared,  Let
 me tell you my setup 
 Postfix+Amavisd-new+clamav+spamassasin in solrais 8
 
 bash-2.03# ldconfig
 bash: ldconfig: command not foun
 
 
 - Original Message - 
 From: Rob Sterenborg [EMAIL PROTECTED]
 To: ClamAV users ML
 clamav-users@lists.clamav.net
 Sent: Wednesday, June 06, 2007 9:54 AM
 Subject: Re: [Clamav-users] Please help me
 
 
So I decided to upgrade to 0.90.2,  from the
 old source directory I
did a make uninstall.  I then did a find /
 -name clamav and
  deleted all the files
located in all the clamav directories.
 
I went into the 09.90.2 directory and did the
 following:
 
/configure
make
make install
 
When ever i did the make install  i got an
 follwowing error
 
error while loading shared libraries:
 libclamav.so.1:
  cannot open shared object file: No such file or
 directory
 
  Run ldconfig, see if that solves your problem. You
 might also check if
  your ld.so.conf file is still correct (before
 running ldconfig).
 
 
  Grts,
  Rob
  ___
  Help us build a comprehensive ClamAV guide: visit
 http://wiki.clamav.net
  http://lurker.clamav.net/list/clamav-users.html 
 
 ___
 Help us build a comprehensive ClamAV guide: visit
 http://wiki.clamav.net
 http://lurker.clamav.net/list/clamav-users.html
 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Mohammed Ejaz]

 when  i run recomended binary as per the instruction  i have the following 
error, 

I have set the path as follows under my solaris 8 

bash-2.03# echo $LD_LIBRAY_PATH
/usr/local/lib
bash-2.03# echo $PATH
/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/bin:/usr/sbin:/usr/local/include

bash-2.03# tar xvf clamav-0.91rc1.sol8.tar 
x ., 0 bytes, 0 tape blocks
x usr, 0 bytes, 0 tape blocks
x usr/local, 0 bytes, 0 tape blocks
x usr/local/share, 0 bytes, 0 tape blocks
x usr/local/share/clamav, 0 bytes, 0 tape blocks
x usr/local/share/clamav/test, 0 bytes, 0 tape blocks
x usr/local/share/clamav/test/pe, 0 bytes, 0 tape blocks
x usr/local/share/clamav/test/pe/debugpe.c, 5233 bytes, 11 tape blocks
x usr/local/share/clamav/test/farm, 0 bytes, 0 tape blocks
x usr/local/share/clamav/test/farm/farm.c, 8356 bytes, 17 tape blocks
x usr/local/share/clamav/test/mbox, 0 bytes, 0 tape blocks
x usr/local/share/clamav/test/mbox/debugm.c, 1713 bytes, 4 tape blocks
x usr/local/share/clamav/test/clam-v2.rar, 350 bytes, 1 tape blocks
x usr/local/share/clamav/test/clam-v3.rar, 364 bytes, 1 tape blocks
x usr/local/share/clamav/test/README, 170 bytes, 1 tape blocks
x usr/local/share/clamav/test/clam.cab, 621 bytes, 2 tape blocks
x usr/local/share/clamav/test/clam.exe, 544 bytes, 2 tape blocks
x usr/local/share/clamav/test/clam.zip, 404 bytes, 1 tape blocks
x usr/local/share/clamav/test/clam.exe.bz2, 348 bytes, 1 tape blocks
x usr/local/share/clamav/test/libclamav, 0 bytes, 0 tape blocks
x usr/local/share/clamav/test/libclamav/libclamav.c, 6650 bytes, 13 tape blocks
x usr/local/share/man, 0 bytes, 0 tape blocks
x usr/local/share/man/man1, 0 bytes, 0 tape blocks
x usr/local/share/man/man1/clamscan.1, 8005 bytes, 16 tape blocks
x usr/local/share/man/man1/freshclam.1, 3622 bytes, 8 tape blocks
x usr/local/share/man/man1/sigtool.1, 2346 bytes, 5 tape blocks
x usr/local/share/man/man1/clamdscan.1, 1690 bytes, 4 tape blocks
x usr/local/share/man/man1/clamconf.1, 731 bytes, 2 tape blocks
x usr/local/share/man/man5, 0 bytes, 0 tape blocks
x usr/local/share/man/man5/clamd.conf.5, 9401 bytes, 19 tape blocks
x usr/local/share/man/man5/freshclam.conf.5, 4840 bytes, 10 tape blocks
x usr/local/share/man/man8, 0 bytes, 0 tape blocks
x usr/local/share/man/man8/clamd.8, 2294 bytes, 5 tape blocks
x usr/local/share/man/man8/clamav-milter.8, 13862 bytes, 28 tape blocks
x usr/local/lib, 0 bytes, 0 tape blocks
x usr/local/lib/pkgconfig, 0 bytes, 0 tape blocks
x usr/local/lib/pkgconfig/libclamav.pc, 275 bytes, 1 tape blocks
x usr/local/lib/libclamav.so.2.0.4, 1145449 bytes, 2238 tape blocks
x usr/local/lib/libclamav.so.2 symbolic link to libclamav.so.2.0.4
x usr/local/lib/libclamav.so symbolic link to libclamav.so.2.0.4
x usr/local/lib/libclamav.la, 977 bytes, 2 tape blocks
x usr/local/lib/libclamav.a, 1245030 bytes, 2432 tape blocks
x usr/local/include, 0 bytes, 0 tape blocks
x usr/local/include/clamav.h, 7363 bytes, 15 tape blocks
x usr/local/bin, 0 bytes, 0 tape blocks
x usr/local/bin/clamscan, 80522 bytes, 158 tape blocks
x usr/local/bin/clamdscan, 58094 bytes, 114 tape blocks
x usr/local/bin/freshclam, 111395 bytes, 218 tape blocks
x usr/local/bin/sigtool, 125245 bytes, 245 tape blocks
x usr/local/bin/clamconf, 36752 bytes, 72 tape blocks
x usr/local/bin/clamav-config, 1086 bytes, 3 tape blocks
x usr/local/sbin, 0 bytes, 0 tape blocks
x usr/local/sbin/clamd, 87937 bytes, 172 tape blocks
x usr/local/sbin/clamav-milter, 152536 bytes, 298 tape blocks
x usr/local/etc, 0 bytes, 0 tape blocks
x usr/local/etc/freshclam.conf.example, 3620 bytes, 8 tape blocks
x usr/local/etc/clamd.conf.sol8, 3025 bytes, 6 tape blocks
x usr/local/etc/clamd.conf.example, 9093 bytes, 18 tape blocks
x usr/local/etc/freshclam.conf.sol8, 352 bytes, 1 tape blocks
bash-2.03# pwd
/export/home/mg1/test
bash-2.03# ls
clamav-0.91rc1.sol8.tar  usr
bash-2.03# usr/local/bin/freshclam 
ld.so.1: usr/local/bin/freshclam: fatal: libclamav.so.2: open failed: No such 
file or directory
Killed
bash-2.03# usr/local/bin/freshclam 
ld.so.1: usr/local/bin/freshclam: fatal: libclamav.so.2: open failed: No such 
file or directory
Killed

bash-2.03# 
- Original Message - 
From: Jose Alf. [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Wednesday, June 06, 2007 2:27 PM
Subject: Re: [Clamav-users] Please help me


 Mohammed,
 
 Most likely the binaries were not linked properly
 using the -R flag in Solaris. The following thread has
 more information about this
 http://www.dbforums.com/showthread.php?t=848174
 
 You can check where the new binaries are looking for
 the libclamav.so.1 library running the command
 
 ldd /path/to/clamd
 
 After that, you can create a link from the actual path
 to the path the program expects, like so:
 
 ln -s /usr/local/lib/libclamav.so.1
 /usr/lib/libclamav.so.1
 
 Regards,
 Jose
 
 --- Mohammed Ejaz [EMAIL PROTECTED] wrote:
 
 Many thanks for u r answer,,
 
 When i run ldconfig follwoing message appeared,  Let
 me tell

Re: [Clamav-users] Please help me

[Jonathan Armitage]

Mohammed Ejaz wrote:
  when  i run recomended binary as per the instruction  i have the following 
 error, 
 
 I have set the path as follows under my solaris 8 
 
 bash-2.03# echo $LD_LIBRAY_PATH
 /usr/local/lib
 bash-2.03# echo $PATH
 /usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/bin:/usr/sbin:/usr/local/include
 
It's LD_LIBRARY_PATH

But that's not the best way to do it.

Jon
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help me

[Steve Holdoway]

On Wed, 06 Jun 2007 11:40:29 +0100
Jonathan Armitage [EMAIL PROTECTED] wrote:

 The Solaris command you are looking for is crle:
 
 crle - configure runtime linking environment.
 
 You need to add the paths to the libraries you need to build clamav. But I 
 don't think that's your problem, because if the paths were wrong the make 
 would 
 fail.
 
 Check that there is not a symlink lurking somewhere along the lines of
 
 lrwxrwxrwx   1 root root  18 Apr 16 16:41 libclamav.so - 
 libclamav.so.2.0.2
 
 but pointing to libclamav.so.1

... or just set LD_LIBRARY_PATH?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] Please help with this error...

[Matthew.van.Eerde]

John Tebbe wrote:
 
 We receive a lot of data from customers that attach ZIP files. All
 has been going well until recently. A certain customer attempts to
 send a zip file and it gets bounced back to them. Other customers are
 not having this issue. Below is the clamd log file.

Check to see that it's really a .zip file.
As a workaround, ask the customer to rename the file to have an extension
.zip-remove

and see if that gets through.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] Please help with this error...

[John Tebbe]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, December 01, 2005 12:33 PM
To: clamav-users@lists.clamav.net
Subject: RE: [Clamav-users] Please help with this error...

John Tebbe wrote:
 
 We receive a lot of data from customers that attach ZIP files. All
 has been going well until recently. A certain customer attempts to
 send a zip file and it gets bounced back to them. Other customers are
 not having this issue. Below is the clamd log file.

Check to see that it's really a .zip file.
As a workaround, ask the customer to rename the file to have an extension
.zip-remove

and see if that gets through.
[John Tebbe] 

The above didn't work...

 [John Tebbe] 

Okay, I'm going about this a little backwards. In reading the archives, it
appears there is a problem with AES128 and AES256 encryption. If I unzip the
file and rezip it up using using standard Zip 2 encryption, the file goes
through. Does anyone know if this has been fixed? 

John

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help with this error...

[Stephen Gran]

On Thu, Dec 01, 2005 at 02:00:14PM -0600, John Tebbe said:
 Okay, I'm going about this a little backwards. In reading the
 archives, it appears there is a problem with AES128 and AES256
 encryption. If I unzip the file and rezip it up using using standard
 Zip 2 encryption, the file goes through. Does anyone know if this has
 been fixed? 

clamav uses the zlib library for handling zip files, and it has had no
enhancements (nor is it likely to, last I heard) in this direction.

I have been pondering how hard it would be to port clamav to use the
infozip routines instead, but it looks like a fair amount of work, and I
am not sure how portable the infozip stuff is, or how well packaged
(Debian doesn't ship the shared libraries at present, not sure about
other distros).  The advantage of infozip is that it seems to support a
wider variety of zip file formats, but there are obvious disadvantages
as well.

Comments from others in the community about this idea would be
appreciated.  Sorry I can't be more helpful to you, John, but there it
is.
-- 
 --
|  Stephen Gran  | I just forgot my whole philosophy of|
|  [EMAIL PROTECTED] | life!!! |
|  http://www.lobefin.net/~steve | |
 --


signature.asc
Description: Digital signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help with this error...

[Tomasz Kojm]

On Thu, 1 Dec 2005 21:48:21 +
Stephen Gran [EMAIL PROTECTED] wrote:

 On Thu, Dec 01, 2005 at 02:00:14PM -0600, John Tebbe said:
  Okay, I'm going about this a little backwards. In reading the
  archives, it appears there is a problem with AES128 and AES256
  encryption. If I unzip the file and rezip it up using using standard
  Zip 2 encryption, the file goes through. Does anyone know if this has
  been fixed? 
 
 clamav uses the zlib library for handling zip files, and it has had no
 enhancements (nor is it likely to, last I heard) in this direction.
 
 I have been pondering how hard it would be to port clamav to use the
 infozip routines instead, but it looks like a fair amount of work, and I
 am not sure how portable the infozip stuff is, or how well packaged
 (Debian doesn't ship the shared libraries at present, not sure about
 other distros).  The advantage of infozip is that it seems to support a
 wider variety of zip file formats, but there are obvious disadvantages
 as well.

The zip unpacker in libclamav contains a lot of enhancements that help
to handle malicious and handcrafted archives which infozip fails to
unpack. Porting them back into infozip is out of our scope.

 Comments from others in the community about this idea would be
 appreciated.  Sorry I can't be more helpful to you, John, but there it
 is.

It's a problem of the OP and not ClamAV that he is running an outdated
version. The problem with AES encrypted zip archives was fixed more
than five months ago in 0.86:

Sun Jun 19 21:37:07 CEST 2005
-
  V 0.86
  * Fixes backported from CVS:
[...]
- libclamav/zziplib/zzip-file.c: add method id for AES encrypted
  archives (thanks to David Majorel dm*lagoon.nc) (tk)

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Dec  1 23:07:06 CET 2005


signature.asc
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Please help

[Nigel Horne]

On Tuesday 15 Feb 2005 09:34, Harald Villemoes wrote:
 I have a loop problem after upgrading clamav (through clamwin) from 0.6x
 til 0.82 and 0.83.
 The problem is, that certain low frequency mail files with the virus:
 Worm.SomeFool.Gen-1 causes the clamscan program to loop infinitely.
 
 I have a sample mail file, that causes the problem. I have run this with
 debug output and sent the whole lot to this list, but the message is
 hanging in a moderator queue due to size.
 I then tried to upload the mail file to the virus file input page, but
 there it was rejected, because it was already a known virus (which is
 quite right).
 
 So how do I report a reproducable problem in clamav including test output
 and test data ?

Zip the email with password virus and e-mail it as an attachment directly to 
me.


   Harald Villemoes


-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Please help

[Trog]

On Tue, 2005-02-15 at 09:34 +, Harald Villemoes wrote:
 I have a loop problem after upgrading clamav (through clamwin) from 0.6x
 til 0.82 and 0.83.
 The problem is, that certain low frequency mail files with the virus:
 Worm.SomeFool.Gen-1 causes the clamscan program to loop infinitely.
 
 I have a sample mail file, that causes the problem. I have run this with
 debug output and sent the whole lot to this list, but the message is
 hanging in a moderator queue due to size.
 I then tried to upload the mail file to the virus file input page, but
 there it was rejected, because it was already a known virus (which is
 quite right).

Upload the sample as a false positive, and put the above in the notes
section.

-trog



signature.asc
Description: This is a digitally signed message part
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Please help ERROR: Parse error at line 142: Unknown option Archive

[John Vestrum]

On Tuesday 09 March 2004 12:31 pm, you wrote:
 Here is the error that I am getting. I don't understand why Archive
 would not be known

 ERROR: Parse error at line 142: Unknown option Archive.
 ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf

Well, according to the clamav.conf man page, there is no Archive option. 
There are options such as:

ScanArchive
ArchiveMaxFileSize
ArchiveMaxRecursion
ArchiveMaxFiles
ArchiveMaxCompressionRatio
ArchiveLimitMemoryUsage
ClamukoScanArchive

JohnV


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Please help ERROR: Parse error at line 142: Unknown option Archive

[Jim Maul]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of bryce
Sent: Tuesday, March 09, 2004 1:31 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Please help ERROR: Parse error at line 142:
Unknown option Archive
Here is the error that I am getting. I don't understand why Archive would
not be known
ERROR: Parse error at line 142: Unknown option Archive.
ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf

Why shouldnt archive be an unknown option?  There is no option called just
Archive.  What are you trying to accomplish?


All options with Archive:

## Archive support
ScanArchive
ArchiveMaxFileSize 10M
# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
#ArchiveLimitMemoryUsage
# (This option doesn't depend on ScanArchive, you can have archive support
ClamukoScanArchive


Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Please help ERROR: Parse error at line 142: Unknown option Archive

[bryce]

Fixed it. Was just me being stupid with the config file


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Maul
Sent: Tuesday, March 09, 2004 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Clamav-users] Please help ERROR: Parse error at line 142:
Unknown option Archive

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of bryce
Sent: Tuesday, March 09, 2004 1:31 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Please help ERROR: Parse error at line 142:
Unknown option Archive
Here is the error that I am getting. I don't understand why Archive
would
not be known
ERROR: Parse error at line 142: Unknown option Archive.
ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf

Why shouldnt archive be an unknown option?  There is no option called
just
Archive.  What are you trying to accomplish?


All options with Archive:

## Archive support
ScanArchive
ArchiveMaxFileSize 10M
# Archives are scanned recursively - e.g. if Zip archive contains RAR
file,
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
#ArchiveLimitMemoryUsage
# (This option doesn't depend on ScanArchive, you can have archive
support
ClamukoScanArchive


Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Please Help .. Redolf out of control

[Ted Fines]

Try here:
http://www.ravantivirus.com/virus/showvirus.php?v=123
Ted

--On Wednesday, February 11, 2004 4:10 PM +0200 Gregory Machin 
[EMAIL PROTECTED] wrote:

Before I setup the virus scanning the Redolf virus attacked my network.
Does anyone know of a fix to remove the virus from infected files, so
that i don't have to format and reload all the windows machines ...
Many Thanks
Gregory Machin






---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users