Re: [Clamav-users] Worm.SCO.A

2004-01-30 Thread Denis De Messemacker
On Wed, Jan 28, 2004 at 01:01:35PM -0300, Patricia Viana wrote:
> Hi.

[...]

> It seems to be the same virus as MyDoom or Novarg.
> Can anyone confirm this?!
>
> Thanks.
>
> Att,
>
> Patrícia Viana

Indeed, all those names belong to the same virus.

Please configure your mail client to avoid HTML mails like yours.

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] Nebee install

2004-01-30 Thread hypernet - Paul @ Home



I would like to install this and am looking for some help to get it
running in CHROOT and with OpenBSD, Postfix, Amavisd-new, SpamAssassin,
Razor and DCC. Can anyone point me to an install guide? I have tried
some and have had no luck getting it to work.

Paul


[Clamav-users] clamav-milter dies after reaching max-thread count

2004-01-30 Thread Orion Poplawski
Noticed that clamav-milter wasn't running and then found the following 
in the logs.  I'm running clamd 0.65 and clamav-milter 0.60p.  I'm 
afraid I don't have much other information.

Jan 29 04:46:18 earth clamav-milter[983]: hit max-children limit (20 >= 20): waiting for some to exit
Jan 29 04:46:18 earth clamav-milter[983]: clamfi_connect: connection from [62.113.89.162] [62.113.89.162]
Jan 29 04:46:19 earth clamav-milter[983]: hit max-children limit (20 >= 20): waiting for some to exit
Jan 29 04:46:19 earth clamav-milter[983]: hit max-children limit (20 >= 20): waiting for some to exit
Jan 29 04:46:34 earth clamav-milter[983]: clamfi_connect: connection from [62.113.89.162] [62.113.89.162]
Jan 29 04:46:34 earth clamav-milter[983]: hit max-children limit (20 >= 20): waiting for some to exit
Jan 29 04:46:41 earth clamav-milter[983]: clamfi_connect: connection from escom-gw.customer.0rbitel.net [195.24.44.213]
Jan 29 04:46:41 earth clamav-milter[983]: hit max-children limit (20 >= 20): waiting for some to exit
Jan 29 04:47:18 earth clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:47:34 earth clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:47:41 earth clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:47:44 earth clamav-milter[983]: clamfi_connect: connection from 82-36-32-123.cable.ubr03.smal.blueyonder.co.uk [82.36.32.123]
Jan 29 04:47:45 earth clamav-milter[983]: hit max-children limit (24 >= 20): waiting for some to exit
Jan 29 04:48:23 earth clamav-milter[983]: clamfi_connect: connection from 217-165-200.adsl.tele2.no [193.217.165.200]
Jan 29 04:48:23 earth clamav-milter[983]: hit max-children limit (24 >= 20): waiting for some to exit
Jan 29 04:48:25 earth clamav-milter[983]: clamfi_connect: connection from [62.117.66.66] [62.117.66.66]
Jan 29 04:48:26 earth clamav-milter[983]: hit max-children limit (24 >= 20): waiting for some to exit
Jan 29 04:48:32 earth clamav-milter[983]: clamfi_connect: connection from ellada.com.ua [193.138.84.106]
Jan 29 04:48:37 earth clamav-milter[983]: clamfi_connect: connection from [62.117.66.66] [62.117.66.66]
Jan 29 04:48:37 earth clamav-milter[983]: hit max-children limit (24 >= 20): waiting for some to exit
Jan 29 04:48:42 earth clamav-milter[983]: clamfi_connect: connection from [62.32.51.198] [62.32.51.198]
Jan 29 04:48:44 earth clamav-milter[983]: hit max-children limit (24 >= 20): waiting for some to exit
Jan 29 04:48:45 earth clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:48:47 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:48:48 earth clamav-milter[983]: clamfi_connect: connection from [62.117.66.66] [62.117.66.66]
Jan 29 04:48:48 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:48:58 earth clamav-milter[983]: clamfi_connect: connection from ds81-30-200-53.ufanet.ru [81.30.200.53]
Jan 29 04:48:59 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:49:00 earth clamav-milter[983]: clamfi_connect: connection from ellada.com.ua [193.138.84.106]
Jan 29 04:49:04 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:49:09 earth clamav-milter[983]: clamfi_connect: connection from [62.117.66.66] [62.117.66.66]
Jan 29 04:49:09 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:49:11 earth clamav-milter[983]: clamfi_connect: connection from ds81-30-200-53.ufanet.ru [81.30.200.53]
Jan 29 04:49:12 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:49:12 earth clamav-milter[983]: clamfi_connect: connection from [62.32.51.198] [62.32.51.198]
Jan 29 04:49:13 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:49:20 earth clamav-milter[983]: clamfi_connect: connection from [64.243.77.136] [64.243.77.136]
Jan 29 04:49:20 earth clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:49:23 earth clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:49:25 earth clamav-milter[983]: clamfi_connect: connection from [62.32.51.198] [62.32.51.198]
Jan 29 04:49:26 earth clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:49:26 earth clamav-milter[983]: hit max-children limit (27 >= 20): waiting for some to exit
Jan 29 04:49:37 earth sendmail[17144]: i0TBnbQU017144: Milter (clmilter): error connecting to filter: Connection refused by /var/run/clamav/clamav-milter.sock

--
Orion Poplawski
System Administrator   303-415-9701 x222
Colorado Research Associates/NWRA  FAX: 303-415-9702
3380 Mitchell Lane, Boulder CO 80301   http://www.co-ra.com
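
A small triage script for logs like the ones in this post, added here as an illustration and not part of the original message or of ClamAV. It rejoins mail-wrapped syslog entries, then reports the configured limit, the peak child count, the timeouts, the busiest sources and the moment sendmail found the milter socket refusing connections; the sample log is constructed (documentation addresses) and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above (documentation addresses;
# one entry is wrapped, as mail clients often do to long log lines).
SAMPLE_LOG = """\
Jan 29 04:46:18 mx clamav-milter[983]: clamfi_connect: connection from [192.0.2.10] [192.0.2.10]
Jan 29 04:46:18 mx clamav-milter[983]: hit max-children limit (20 >=
20): waiting for some to exit
Jan 29 04:47:18 mx clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:47:44 mx clamav-milter[983]: clamfi_connect: connection from host.example.net [198.51.100.7]
Jan 29 04:47:45 mx clamav-milter[983]: hit max-children limit (24 >= 20): waiting for some to exit
Jan 29 04:48:25 mx clamav-milter[983]: clamfi_connect: connection from [192.0.2.10] [192.0.2.10]
Jan 29 04:48:45 mx clamav-milter[983]: Timeout waiting for a child to die
Jan 29 04:48:47 mx clamav-milter[983]: hit max-children limit (25 >= 20): waiting for some to exit
Jan 29 04:49:37 mx sendmail[17144]: i0TBnbQU017144: Milter (clmilter): error connecting to filter: Connection refused by /var/run/clamav/clamav-milter.sock
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d ")
RECORD = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<prog>[\w.-]+)\[\d+\]: (?P<msg>.*)$"
)
# ">?=" also accepts copies of the log in which the ">" was lost.
LIMIT = re.compile(r"hit max-children limit \((\d+)\s*>?=\s*(\d+)\)")
SOURCE = re.compile(r"clamfi_connect: connection from .*\[([0-9.]+)\]\s*$")


def unwrap(text):
    """Join continuation lines (no leading syslog timestamp) to their entry."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def summarise(text):
    """Collect the figures that describe a max-children saturation episode."""
    report = {"limit": None, "peak_children": 0, "limit_hits": 0,
              "timeouts": 0, "sources": Counter(), "filter_refused_at": None}
    for record in unwrap(text):
        m = RECORD.match(record)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog == "clamav-milter":
            hit = LIMIT.search(msg)
            src = SOURCE.search(msg)
            if hit:
                report["limit_hits"] += 1
                report["limit"] = int(hit.group(2))
                report["peak_children"] = max(report["peak_children"],
                                              int(hit.group(1)))
            elif src:
                report["sources"][src.group(1)] += 1
            elif "Timeout waiting for a child" in msg:
                report["timeouts"] += 1
        elif (prog == "sendmail" and "error connecting to filter" in msg
              and report["filter_refused_at"] is None):
            report["filter_refused_at"] = m["ts"]
    return report


def assess(report):
    """Turn the figures into findings an operator can act on."""
    findings = []
    limit, peak = report["limit"], report["peak_children"]
    if limit is not None and peak > limit:
        findings.append(f"child count reached {peak}, above the configured limit of {limit}")
    if report["timeouts"]:
        findings.append(f"{report['timeouts']} timeouts waiting for scanner children to exit")
    if report["filter_refused_at"]:
        findings.append(f"MTA could not reach the milter socket at {report['filter_refused_at']}")
    return findings


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for finding in assess(summary):
        print("-", finding)
    print("busiest sources:", summary["sources"].most_common(3))
```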



Re: [Clamav-users] clamav-milter dies after reaching max-thread count

2004-01-30 Thread Ing. Germán González B.

On Fri, 30 Jan 2004, Orion Poplawski wrote:

> Noticed that clamav-milter wasn't running and then found the following
> in the logs.  I'm running clamd 0.65 and clamav-milter 0.60p.  I'm
> afraid I don't have much other information.
>
> Jan 29 04:46:18 earth clamav-milter[983]: hit max-children limit (20 >= 20): waiting for some to exit
> Jan 29 04:46:18 earth clamav-milter[983]: clamfi_connect: connection from [62.113.89.162] [62.113.89.162]
> Jan 29 04:46:19 earth clamav-milter[983]: hit max-children limit (20 >= 20): waiting for some to exit


That is due to high traffic of the SCO virus. Increase max-children
in CLAMAV_FLAGS of clamav-milter. Try with 40.

Best Regards

-

Germán González
PoderNet León
http://leon.podernet.com.mx

-





[Clamav-users] ERROR: Clamuko: Can't register with Dazuko

2004-01-30 Thread Claudio Alonso
Hello, I'm trying to install ClamAV with real-time protection (on open,
on close, on exec) on a Pentium II with RedHat Linux 9.0.
As far as I could understand, for that I need Dazuko installed and
ClamukoScanOnLine activated.
When I start the clamd service I get the following message in the
clamd.log file:
ERROR: Clamuko: Can't register with Dazuko

I read that Dazuko can only interact with processes running as root,
but ClamAV is running as the clamav user. I'm pretty sure I read
somewhere that clamav shouldn't be run as the root user (I can't find it
now to read the context again, but I guess that was for security
reasons). In spite of that I changed the clamav.conf file from
User clamav to User root, but after that change, when I started the
service, the system became extremely slow, so I had to reboot my
computer manually (I couldn't even execute an ls command, but it didn't
really hang; I could change from window to window). After the reboot I
found in clamd.log:
Clamuko: Correctly registered with Dazuko.

So my questions are the following:
- Must clamd be run as root user in order to enable real-time
  protection?
- Is it normal that my computer became so slow? Can this be solved?
  How?
- Do you have any suggestion? I need real-time protection enabled.


Regards, and thanks in advance,

--Claudio




[Clamav-users] clamav-milter not honoring the --quiet switch?

2004-01-30 Thread Dan Bongert
As far as I can tell, running --quiet shouldn't send email to *anyone* from
clamav-milter. I'm still seeing it send 550 REJECT messages back to the
original sender. Is there another switch I need to set?

I'm running ClamAV from the FreeBSD 4.8 clamav-devel port (ClamAV version
'clamd / ClamAV version devel-20040129', clamav-milter version '0.66g'), and
these are the switches I pass to clamav-milter:

--quiet --quarantine-dir=/mail/quarantine/clamav --local --outgoing
--max-children=50 /var/run/clamav/clmilter.sock

Any thoughts?

Thanks!

-- 
Dan Bongert [EMAIL PROTECTED]
SSCC Unix System Administrator 




Re: [Clamav-users] clamav-milter

2004-01-30 Thread Nigel Horne
On Wednesday 28 Jan 2004 2:54 pm, Robert Middleswarth wrote:

> Does that mean they are simply deleted or are they passed through with a
> header saying virus?

There is currently no option to pass flagged viruses through the milter.

> Thanks
> Robert Middleswarth

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





[Clamav-users] Problems with qmail-scanner + clamav

2004-01-30 Thread Jeremy Doolin
I'm running qmail-scanner 1.20 and clamav 0.65.  In watching the qmail-scanner logs, 
I've found that clamscan is, indeed, being called with the proper arguments.  I've 
even added some debug messages to qmail-scanner-queue.pl and found that all of the 
arguments are fine.  

But here is the section of code where things go awry:

$DD=`$clamscan_binary $clamscan_options $ENV{'TMPDIR'} 2>&1`;  # capture stdout and stderr
$clamscan_status=($? >> 8);  # exit code is the high byte of $?
debug("--output of clamscan was:\n$DD--");

And here is the log output of a mail that was infected with SCO.A:

Fri, 30 Jan 2004 13:09:12 -0500:8991: run /usr/local/bin/clamscan -r --disable-summary --mbox --max-recursion=10 --max-space=100 /var/spool/qmailscan/tmp/hotname.net10754861524628991 2>&1
Fri, 30 Jan 2004 13:09:12 -0500:8991: !!--output of clamscan was:
--

So the $DD variable is getting assigned to nothing.  Now, there should be output 
whether there is a virus or not.  The binary is in the proper location and some of my 
own debug messages have verified the $clamscan_options and $ENV{'TMPDIR'}.  I have 
also run my own scans on infected mails, using the same directory format that 
qmail-scanner uses (I just quickly copied one while it was being scanned).  I've done 
it on the command line and using the same perl syntax.  My results differ.  I am 
getting clamscan's output just fine, as well as the proper exit status of 1.

Has anyone else had this issue?  Any ideas? Could it be a perl problem (running perl 
5.8.0)?

I'd appreciate any help with this.

Jeremy Doolin





Re: [Clamav-users] clamav-milter not honoring the --quiet switch?

2004-01-30 Thread Tomasz Papszun
On Fri, 30 Jan 2004 at 11:42:25 -0600, Dan Bongert wrote:
> As far as I can tell, running --quiet shouldn't send email to *anyone* from
> clamav-milter. I'm still seeing it send 550 REJECT messages back to the
> original sender. Is there another switch I need to set?
>
> I'm running ClamAV from the FreeBSD 4.8 clamav-devel port (ClamAV version
> 'clamd / ClamAV version devel-20040129', clamav-milter version '0.66g'), and
> these are the switches I pass to clamav-milter:
>
> --quiet --quarantine-dir=/mail/quarantine/clamav --local --outgoing
> --max-children=50 /var/run/clamav/clmilter.sock
>

I don't know milter but I suspect that you may misunderstand what
550 REJECT messages are.
These are not email messages which are _sent_ to anyone.
These are responses given by an SMTP server to an SMTP client which (the
client) is trying to submit some email message to the SMTP server.
These are simply refusals to accept an email message, not sending of
some messages to some email addresses.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




RE: [Clamav-users] clamav-milter not honoring the --quiet switch?

2004-01-30 Thread Nigel Horne
> As far as I can tell, running --quiet shouldn't send email to *anyone* from
> clamav-milter. I'm still seeing it send 550 REJECT messages back to the
> original sender. Is there another switch I need to set?

0.66j added the --noreject option. Try that.

> Dan Bongert [EMAIL PROTECTED]
> SSCC Unix System Administrator

-Nigel





Re: [Clamav-users] Clamscan; clamdscan

2004-01-30 Thread Christoph Cordes
Hello Micha,

Thursday, January 29, 2004, 10:13:41 AM, you wrote:

MS> Last night I made a small change to qmail-scanner.pl- I added 'worm.sco.a'
MS> to the array $silent_viruses_array. (To prevent sending Virus Found messages
MS> to innocent sender addresses)


Did you edit it with something like pico? Some editors add nasty
breaks without further notice. This can screw up almost every script.
Maybe you should try to rebuild it with the Q-S install script.

hth

-- 
Best regards,
 Christoph    mailto:[EMAIL PROTECTED]





Re: [Clamav-users] clamav-milter

2004-01-30 Thread Robert Middleswarth
> On Wednesday 28 Jan 2004 2:54 pm, Robert Middleswarth wrote:
>
> Does that mean they are simply deleted or are they passed through with a
> header saying virus?
>
> There is currently no option to pass flagged viruses through the milter.
>
> Thanks
> Robert Middleswarth
>
> -Nigel

So that means they are deleted and go away never to be seen again, correct?




[Clamav-users] clamdscan ; clamscan

2004-01-30 Thread Micha Silver
Last night, in an attempt to stop the Virus Found notifications being 
sent to a false sender address by the Worm.SCO.A, I added to my 
silent_viruses_array in the Q-S.pl script 'worm.sco.a'.  (right after 
'klez','bugbear')
As soon as I did that, clamav stopped recognizing the  virus.
I had been running clamd, and the Q-S.pl script was using 
clamscan_binary=clamdscan successfully for several weeks.

This morning I changed the clamscan_binary to clamscan, and immediately 
the logs began filling with CLAMSCAN:Worm.SCO.A.

What could be the cause of clamdscan stopping to work? I'd like to go 
back to using the clamd daemon to save memory and processing time for 
each message. The difference is dramatic, as has been mentioned here 
several times.

TIA
--Micha






Re: [Clamav-users] clamav-milter dies after reaching max-thread count

2004-01-30 Thread Orion Poplawski
[EMAIL PROTECTED] wrote:

> That is due to high traffic of the SCO virus. Increase max-children
> in CLAMAV_FLAGS of clamav-milter. Try with 40.
 

I understand why it hit the limit, and I'm happy to increase it.  But, I 
posit that clamav-milter shouldn't *crash* because of it.

--
Orion Poplawski
System Administrator   303-415-9701 x222
Colorado Research Associates/NWRA  FAX: 303-415-9702
3380 Mitchell Lane, Boulder CO 80301   http://www.co-ra.com




Re: [Clamav-users] clamav-milter not honoring the --quiet switch?

2004-01-30 Thread ePAc
> > I'm running ClamAV from the FreeBSD 4.8 clamav-devel port (ClamAV version
> > 'clamd / ClamAV version devel-20040129', clamav-milter version '0.66g'), and
> > these are the switches I pass to clamav-milter:
> >
> > --quiet --quarantine-dir=/mail/quarantine/clamav --local --outgoing
> > --max-children=50 /var/run/clamav/clmilter.sock
> >
>
> I don't know milter but I suspect that you may misunderstand what
> 550 REJECT messages are.
> These are not email messages which are _sent_ to anyone.
> These are responses given by an SMTP server to an SMTP client which (the
> client) is trying to submit some email message to the SMTP server.
> These are simply refusals to accept an email message, not sending of
> some messages to some email addresses.

With sendmail, when you configure your milter, you can set it so that
1) if the milter fails, the message is accepted anyway
   this is REJECT
2) if the milter fails, the sending server is told to try again later
   this is TEMPFAIL
3) if the milter fails, the message is delivered anyway, even though it
   didn't go through the milter.

You configure this in your sendmail.mc, using the F parameter
(F=R or F=T or nothing).

You need to figure out why the milter fails (have you looked at the
maillog?)

Thanks,
Jok
---
Nothing is foolproof to a sufficiently talented fool...
  oo
,(..)\
  ~~




Re: [Clamav-users] Clam doesn't detect EICAR and zipped virii but detects others

2004-01-30 Thread Antony Stone
On Thursday 29 January 2004 6:46 am, Allyn Baskerville wrote:

> I have worked on this for quite some time, and I'm not sure why Clam won't
> detect the Eicar test virus.

It does for most people.

> It does, however, detect other virii.
> Additionally, virii in zipped files are not detected. If I scan the files
> manually, i.e. 'clamscan eicar.com' or 'clamscan eicar.zip', the following
> is returned:
>
> Known viruses: 20584
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> I/O buffer size: 131072 bytes
> Time: 0.437 sec (0 m 0 s)

Well, this certainly suggests that it has successfully found the virus:
Infected files: 1.

You say this is what happens when you scan the files manually - what do you
have to do to get clamscan not to detect Eicar?

Antony.

-- 
Programming is a Dark Art, and it will always be. The programmer is
fighting against the two most destructive forces in the universe:
entropy and human stupidity. They're not things you can always
overcome with a methodology or on a schedule.

 - Damian Conway, Perl God

 Please reply to the list;
   please don't CC me.





[Clamav-users] visual polling system (was: Re: SOT: SCO.A disappearing?)

2004-01-30 Thread Jesse Guardiani
Jessica Ruble-English wrote:

> Still getting plenty SCO.A's over here too.
> Has anybody started seeing the variant MyDoom.B yet?

As of 2004/01/30 @ 09:44 AM EST I haven't seen a single MyDoom.B.

It would be REALLY slick to put together a restricted (trusted)
ClamAV polling system with select ClamAV users around the world
so we could see a visual map of how these things spread and where
the damage or infection is greatest.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






Re: [Clamav-users] Problems with qmail-scanner + clamav SOLVED

2004-01-30 Thread Jeremy Doolin
I found the problem.  My softlimit was too low.  Raised it to 20 MB and it's fine.


On Fri, Jan 30, 2004 at 01:25:20PM -0500, Jeremy Doolin saith:
> I'm running qmail-scanner 1.20 and clamav 0.65.  In watching the qmail-scanner logs,
> I've found that clamscan is, indeed, being called with the proper arguments.  I've
> even added some debug messages to qmail-scanner-queue.pl and found that all of the
> arguments are fine.
>
> But here is the section of code where things go awry:
>
> $DD=`$clamscan_binary $clamscan_options $ENV{'TMPDIR'} 2>&1`;
> $clamscan_status=($? >> 8);
> debug("--output of clamscan was:\n$DD--");
>
> And here is the log output of a mail that was infected with SCO.A:
>
> Fri, 30 Jan 2004 13:09:12 -0500:8991: run /usr/local/bin/clamscan -r --disable-summary --mbox --max-recursion=10 --max-space=100 /var/spool/qmailscan/tmp/hotname.net10754861524628991 2>&1
> Fri, 30 Jan 2004 13:09:12 -0500:8991: !!--output of clamscan was:
> --
>
> So the $DD variable is getting assigned to nothing.  Now, there should be output
> whether there is a virus or not.  The binary is in the proper location and some of
> my own debug messages have verified the $clamscan_options and $ENV{'TMPDIR'}.  I
> have also run my own scans on infected mails, using the same directory format that
> qmail-scanner uses (I just quickly copied one while it was being scanned).  I've
> done it on the command line and using the same perl syntax.  My results differ.  I
> am getting clamscan's output just fine, as well as the proper exit status of 1.
>
> Has anyone else had this issue?  Any ideas? Could it be a perl problem (running perl
> 5.8.0)?
>
> I'd appreciate any help with this.
>
> Jeremy Doolin
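
The failure mode in this thread, as an added example (not code from the post or from qmail-scanner): when a resource limit such as softlimit stops the scanner, the caller must not read the silence as a clean result. The sketch runs a scanner command, accepts a verdict only when exit status and output agree, and shows that an exit code taken with `$? >> 8` is 0 for a child killed by a signal. The stand-in scanner commands, the function names and the deliver/quarantine/defer mapping are assumptions of this example, as is the expectation stated in the post that a working clamscan always prints something.

```python
import subprocess
import sys

CLEAN, INFECTED, SCAN_FAILED = "clean", "infected", "scan-failed"

# Hypothetical mapping from verdict to what the mail queue should do.
# A failed scan defers the message instead of letting it through unscanned.
ACTIONS = {CLEAN: "deliver", INFECTED: "quarantine", SCAN_FAILED: "defer"}


def shifted_status(returncode):
    """Value the `$? >> 8` idiom reports for a child with this returncode.

    A wait status keeps the exit code in the high byte and the terminating
    signal in the low bits, so a child killed by a signal shifts down to 0,
    the same number a clean scan returns.
    """
    wait_status = -returncode if returncode < 0 else returncode << 8
    return wait_status >> 8


def scan_verdict(argv, timeout=60):
    """Run a scanner command and return (verdict, detail), failing closed."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, text=True,
                              errors="replace", timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return SCAN_FAILED, f"could not run scanner: {exc}"

    rc, out = proc.returncode, proc.stdout
    if rc < 0:  # subprocess reports death by signal N as -N
        return SCAN_FAILED, f"scanner killed by signal {-rc}"

    # clamscan reports a detection as "<path>: <name> FOUND" and exits 1;
    # exit status 0 means no virus was found.
    found = [line for line in out.splitlines() if line.rstrip().endswith(" FOUND")]
    if rc == 1 and found:
        return INFECTED, found[0]
    if rc == 0 and out.strip() and not found:
        return CLEAN, out.strip().splitlines()[0]
    # Anything else (error status, or no output at all) is not a verdict.
    return SCAN_FAILED, f"exit status {rc}, {len(out)} bytes of output"


def fake_scanner(body):
    """Stand-in for the scanner binary so the example runs without ClamAV."""
    return [sys.executable, "-c", body]


FAKE_CLEAN = fake_scanner("print('/tmp/msg: OK')")
FAKE_INFECTED = fake_scanner(
    "import sys; print('/tmp/msg: Worm.SCO.A FOUND'); sys.exit(1)")
# Simulates a scanner stopped by the kernel, e.g. under a memory limit.
FAKE_KILLED = fake_scanner("import os, signal; os.kill(os.getpid(), signal.SIGKILL)")
# Simulates the symptom in the post: the command returns and prints nothing.
FAKE_SILENT = fake_scanner("pass")


if __name__ == "__main__":
    for name, argv in [("clean", FAKE_CLEAN), ("infected", FAKE_INFECTED),
                       ("killed", FAKE_KILLED), ("silent", FAKE_SILENT)]:
        verdict, detail = scan_verdict(argv)
        print(f"{name:9s} -> {verdict:11s} -> {ACTIONS[verdict]:10s} ({detail})")
```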


[Clamav-users] qmail-scanner install

2004-01-30 Thread Tim Crouch
All-
I am the Technology Director for a small, independent news organization.  We are 
running qmail for our internal email and for some of our subscribers (30 accts.).  
With the recent rash of viruses, we see the need to run AV & Spam filters.  My sys 
admin and I, while *nix savvy, are not qmail experts.  I am looking for someone with 
significant qmail+clam+sa experience to assist us in configuring our email server.  
This would be a contract job with no need for future support (assuming adequate 
documentation of changes is provided).  If anyone in this list is qualified & 
interested, please contact me.

Thanks!
Tim Crouch
Director of Technology
t r u t h o u t
[EMAIL PROTECTED]





RE: [Clamav-users] Clamdscan problem

2004-01-30 Thread Jim Maul
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Thomas
> Lamy
> Sent: Thursday, January 29, 2004 3:06 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Clamdscan problem
>
>
> Jose R. Ortiz Ubarri wrote:
>
> > # clamdscan readme.zip
> > /root/readme.zip: Can't access the file ERROR
> >
> > --- SCAN SUMMARY ---
> > Infected files: 0
> > Time: 0.001 sec (0 m 0 s)
> >
> >
> > And everything I try to scan gives me the same ERROR.
> >
>
> I suspect clamd is not running as root, and an ordinary user doesn't
> have privileges to read that file.
>
> Thomas


I have this problem as well.  Thing is, I start the clamd service while I
am root, but clamd is running as my clamav user.  I always thought this
was the correct way to do it.  Isn't clamd running as root a bad idea?

My clamav.conf shows:

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User clamav

It was set this way by default, I made no changes.  Is something else
wrong?

Thanks
Jim



Re: [Clamav-users] SOT: SCO.A disappearing?

2004-01-30 Thread Jeffrey L. Taylor
Quoting Jeff Gojkovich [EMAIL PROTECTED]:
> Nope, still getting hit with it.

I am seeing a few SCO.A along with Gibe.F.  Total is slightly higher
than before the SCO outbreak, but numbers yesterday and today (-0500
UTC) are nothing like Tuesday.  Odd.

Jeffrey




[Clamav-users] Handling Quarantined Virii

2004-01-30 Thread Jason Frisvold
Hi all,

How does everyone handle the clamav quarantine?  I'm running clamav w/
qmail-scanner and every virus laden email gets put into the quarantine
folder...  Is it even worth it to quarantine at all?

I did look through the archives, but I didn't see anything about
this...  So, if I overlooked something, I apologize.

Thanks!

-- 
---
Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
[EMAIL PROTECTED]
RedHat Engineer - RHCE # 803004140609871
MySQL Core Certified - ID# 205982910
---
Imagination is more important than knowledge.
Knowledge is limited. Imagination encircles
the world.
  -- Albert Einstein [1879-1955]




Re: [Clamav-users] qmail-scanner install

2004-01-30 Thread Rick Macdougall
Tim Crouch wrote:

> All-
> I am the Technology Director for a small, independent news organization.  We are running
> qmail for our internal email and for some of our subscribers (30 accts.).  With the recent
> rash of viruses, we see the need to run AV & Spam filters.  My sys admin and I, while *nix
> savvy, are not qmail experts.  I am looking for someone with significant qmail+clam+sa experience
> to assist us in configuring our email server.  This would be a contract job with no need for
> future support (assuming adequate documentation of changes is provided).  If anyone in this list
> is qualified & interested, please contact me.
> Thanks!
> Tim Crouch
> Director of Technology
> t r u t h o u t
> [EMAIL PROTECTED]

Hello,

We specialize in doing just that.  A normal installation should take 
under 30 minutes to complete assuming qmail is already installed and 
running correctly.  You may visit our website at http://www.limelyte.net 
for prices and contact information.

Contact with previous clients can be provided as well, we have many 
satisfied customers.

Regards,

Rick Macdougall





[Clamav-users] Solaris 8 Problem ?

2004-01-30 Thread Clamav
Hi!
I'm running sendmail 8.12.10 with
ClamAV version 'clamd / ClamAV version devel-20040108', clamav-milter
version '0.66c'

And in general I'm very happy with it. There is only one problem (and I
reported it already several times!!). Sometimes clamd crashes and just
before it crashes I get a lot of messages in clamd.log, e.g.

Sat Jan 24 19:45:25 2004 - ERROR: accept() failed.
Sat Jan 24 19:45:25 2004 - ERROR: accept() failed.

I can't imagine that no other user of clamav has this problem, and it
has existed since September. I'm also willing to debug it or help someone to
discover the problem, but up to now no one has responded to my mails.

Best regards
Wolfgang





Re: [Clamav-users] BUG? and question

2004-01-30 Thread Tomasz Kojm
On Wed, 28 Jan 2004 21:55:58 +0700
Andrey V. Malyshev [EMAIL PROTECTED] wrote:

 Hello!
 
 1)
 clamav-devel-20040127: clamd crashes without any log records when
 virus bases reloading command sent.
 It appears _only_ when UseProcesses in clamav.conf is enabled.

UseProcesses is completely broken - please don't use it yet.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Thu Jan 29 11:12:03 CET 2004




Re: [Clamav-users] Clamdscan problem

2004-01-30 Thread Tomasz Papszun
On Thu, 29 Jan 2004 at  9:28:51 -0500, Jim Maul wrote:
  -Original Message-
  Jose R. Ortiz Ubarri wrote:
 
   # clamdscan readme.zip
   /root/readme.zip: Can't access the file ERROR
  
   And everything I try to scan gives me the same ERROR.
  
  I suspect clamd is not running as root, and an ordinary user doesn't
  have privileges to read that file.
 
  Thomas
 
 
 I have this problem as well.  Thing is, i start the clamd service while i
 am root, but clamd is running as my clamav user.  I always thought this
 was the correct way to do it.  Isn't clamd running as root a bad idea?

Yes, running clamd as root _is_ a bad idea.

 my clamav.conf shows:
 
 # Run as selected user (clamd must be started by root).
 # By default it doesn't drop privileges.
 User clamav
 
 It was set this way by default, i made no changes.  Is something else
 wrong?

No, it's OK. It's done on purpose!
In most cases ClamAV is used for scanning email. So it's sufficient to
run it as a dedicated user which has read access to stream of mail.

If you have such a special need to scan all files in the system (these
not readable for all as well), then of course clamdscan won't be able to
access them. You can use clamscan instead.
Or run clamd as root (not recommended). Note that then all files will be
accessible for scanning for every user which isn't a good idea.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




Re: [Clamav-users] Handling Quarantined Virii

2004-01-30 Thread Eric Rostetter
Quoting Jason Frisvold [EMAIL PROTECTED]:

   How does everyone handle the clamav quarantine?

I run a cron job that deletes any directory more than 2 weeks old.  If
they haven't claimed their files in 2 weeks, they're more-or-less out of
luck (it's actually on the backup tapes after deletion, so it could be
recovered still...).  Normally that is fine, except during a big
outbreak like now.  Now I keep 2 days' worth (which is about 0.5 GB to 1GB
per day for my site), manually deleting them daily.  Once the outbreak
is over and the daily size drops back to about 20 MB rather than 1GB,
I'll go back to letting the cron job do its work.

 I'm running clamav w/
 qmail-scanner and every virus laden email gets put into the quarantine
 folder...  Is it even worth it to quarantine at all?

Yes.  I've had some false positives end up there.  Like when the corrupt
zip code was first added I had some clean zip files get caught, etc.  My
users get a notice that their file is quarantined and how to ask for it,
so they can claim any false positives.

It's a safety net I enjoy, except of course during major outbreaks.

It does pose a risk.  My quarantine area is small enough that should a
major outbreak like this happen while our admins are all out of the office
and not checking our email for an extended period of time, it could fill up the
disk and DoS us.  So it is not without risks.  But so far we've not had that
happen.

   I did look through the archives, but I didn't see anything about
 this...  So, if I overlooked something, I apologize.

Well, this is an individual thing. Each admin has to decide for themselves
what to do.   Is the risk of losing false positives important?  Is the
risk of a DoS more important?  etc.  Your environment (gov, university, ISP,
commercial company, etc) will help dictate your needs, and it varies
between groups/industries.

 Thanks!

--
Eric Rostetter


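
The retention policy described in the reply above (delete quarantine directories past a fixed age) combined with a size cap that addresses the disk-fill risk it mentions, as an added example that is not code from anyone in this thread. The layout (one subdirectory per batch under a quarantine root), the function names and the limits are assumptions.

```python
import os
import shutil
import stat
import tempfile
import time

DAY = 86400


def tree_size(path):
    """Bytes held by regular files under path (symlinks are never followed)."""
    total = 0
    for base, _dirs, files in os.walk(path, followlinks=False):
        for name in files:
            st = os.lstat(os.path.join(base, name))
            if stat.S_ISREG(st.st_mode):
                total += st.st_size
    return total


def plan_prune(root, max_age_days=14, max_bytes=None, now=None):
    """Return [(directory, reason)] to delete, oldest first.

    reason is "age" (older than max_age_days) or "size" (dropped so that the
    remaining quarantine fits in max_bytes). Only real subdirectories of root
    are considered; symlinks and loose files are left alone.
    """
    now = time.time() if now is None else now
    entries = []
    with os.scandir(root) as it:
        for entry in it:
            if entry.is_dir(follow_symlinks=False):
                mtime = entry.stat(follow_symlinks=False).st_mtime
                entries.append((mtime, entry.path, tree_size(entry.path)))
    entries.sort()  # oldest first

    doomed, kept = [], []
    for mtime, path, size in entries:
        if now - mtime > max_age_days * DAY:
            doomed.append((path, "age"))
        else:
            kept.append((path, size))

    if max_bytes is not None:
        # Outbreak case: everything is recent, so age alone frees nothing.
        used = sum(size for _path, size in kept)
        for path, size in kept:
            if used <= max_bytes:
                break
            doomed.append((path, "size"))
            used -= size
    return doomed


def prune(root, **limits):
    """Delete what plan_prune() selects and return the same list."""
    doomed = plan_prune(root, **limits)
    for path, _reason in doomed:
        shutil.rmtree(path)
    return doomed


if __name__ == "__main__":
    # Constructed sample quarantine: three batch directories of different ages.
    root = tempfile.mkdtemp(prefix="quarantine-demo-")
    now = time.time()
    for name, age_days, size in (("d20", 20, 10), ("d05", 5, 600), ("d01", 1, 600)):
        d = os.path.join(root, name)
        os.mkdir(d)
        with open(os.path.join(d, "msg"), "wb") as fh:
            fh.write(b"x" * size)
        os.utime(d, (now - age_days * DAY, now - age_days * DAY))
    for path, reason in prune(root, max_age_days=14, max_bytes=1000, now=now):
        print(reason, path)
    shutil.rmtree(root)
```

Run from cron with plan_prune() first to review what would be removed; the size cap is what keeps an unattended outbreak from filling the disk.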


Re: [Clamav-users] visual polling system (was: Re: SOT: SCO.A disappearing?)

2004-01-30 Thread Tomasz Kojm
On Fri, 30 Jan 2004 09:50:12 -0500
Jesse Guardiani [EMAIL PROTECTED] wrote:

 Jessica Ruble-English wrote:
 
  Still getting plenty SCO.A's over here too.
  Has anybody started seeing the variant MyDoom.B yet?
 
 As of 2004/01/30 @ 09:44 AM EST I haven't seen a single MyDoom.B.
 
 It would be REALLY slick to put together a restricted (trusted)
 ClamAV polling system with select ClamAV users around the world
 so we could see a visual map of how these things spread and where
 the damage or infection is greatest.

That's a really great idea - we only need to find some volunteers with
highly loaded servers around the world and build a system for virus
statistics. Hope it can be realized.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Fri Jan 30 23:22:49 CET 2004




Re: [Clamav-users] Correction to my last post regarding viruses not found

2004-01-30 Thread Trog
Quoting Jim Maul [EMAIL PROTECTED]:

 Actually, it technically is clamscan, but for the installation i used
 (www.qmailrocks.org) a step in there says to copy clamscan to clamdscan

Arrr! Why are they advising to do such a stupid thing?

 so
 running clamscan and clamdscan effectively means the same thing.  So
 yes
 technically you are correct, but for my setup

Your setup is broken.

, my statement is correct
 as
 well.  Not to mention that using the original clamdscan (which is now
 clamdscan.orig on my system) gives me an error and will not scan any
 files.
 
 [EMAIL PROTECTED] jmaul]# clamdscan.orig
 /home/jmaul: Can't access the file ERROR
 
 It does this for ANY file i try to scan.
 

Probably because the user clamd is running as doesn't have permission to access
those files. If you set it up correctly it will work.

-trog


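
Both this reply and Tomasz Papszun's reply in the "Clamdscan problem" thread attribute "Can't access the file ERROR" to the unprivileged account clamd runs as. The following added example (not code from ClamAV or from anyone in this thread) lists which path components deny that account access. It assumes classic Unix mode bits only (no ACLs or MAC policy) and must be run by a user who can stat the whole path; the function names are hypothetical.

```python
import os
import pwd
import stat
import sys


def identity(username):
    """uid and full group set of a local account, e.g. the clamd User."""
    pw = pwd.getpwnam(username)
    return pw.pw_uid, set(os.getgrouplist(username, pw.pw_gid))


def _has(st, uid, gids, want):
    """True if the mode bits grant all of `want` (an rwx mask such as 0o4)."""
    if uid == 0:
        return True          # root is not restricted by read/search bits
    if st.st_uid == uid:
        shift = 6            # owner bits apply, even if they are stricter
    elif st.st_gid in gids:
        shift = 3            # group bits
    else:
        shift = 0            # other bits
    return ((st.st_mode >> shift) & want) == want


def access_blockers(path, uid, gids):
    """Return [(component, reason)] for everything that stops uid/gids
    from reading `path`; an empty list means the scan can open it."""
    path = os.path.realpath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    chain.reverse()          # e.g. "/", "/root", "/root/readme.zip"

    blockers = []
    for directory in chain[:-1]:
        if not _has(os.stat(directory), uid, gids, 0o1):
            blockers.append((directory, "no search (x) permission"))
    st = os.stat(path)
    if stat.S_ISDIR(st.st_mode):
        if not _has(st, uid, gids, 0o5):
            blockers.append((path, "directory not readable/searchable"))
    elif not _has(st, uid, gids, 0o4):
        blockers.append((path, "file not readable"))
    return blockers


if __name__ == "__main__":
    # Usage: script.py <account> <path>, for example: clamav /root/readme.zip
    user, target = sys.argv[1], sys.argv[2]
    for component, reason in access_blockers(target, *identity(user)):
        print(f"{component}: {reason} for {user}")
```

A blocker on a parent directory such as a mode 0700 home means the file's own permissions are irrelevant, which is why the error appears for every file under it.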


[Clamav-users] RE: Build on Solaris problem

2004-01-30 Thread Alex S Moore
From the recent CVS source, I am getting the following compile error.  Did I
miss something?  I saw the notes on the new code for checking OLE2 objects (or
some such).

Configure looks like this:
./configure --prefix=/opt/csw --sysconfdir=/opt/csw/etc --disable-clamav
--enable-milter --with-dbdir=/opt/csw/share/clamav

The relevant compiler output is this using Sun's compiler:

cc -DPACKAGE_NAME=\\ -DPACKAGE_TARNAME=\\ -DPACKAGE_VERSION=\\
-DPACKAGE_STRING=\\ -DPACKAGE_BUGREPORT=\\ -DPACKAGE=\clamav\
-DVERSION=\devel-20040129\ -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
-DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
-DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DSCANBUFF=131072 -DFILEBUFF=8192 -DSTDC_HEADERS=1 -DHAVE_UNISTD_H=1
-DHAVE_SYS_INT_TYPES_H=1 -DHAVE_DLFCN_H=1 -DHAVE_INTTYPES_H=1
-DHAVE_SYS_INTTYPES_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRINGS_H=1
-DHAVE_STRING_H=1 -DHAVE_SYS_MMAN_H=1 -DHAVE_SYS_PARAM_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_SYS_TYPES_H=1 -DHAVE_MALLOC_H=1 -DSIZEOF_SHORT=2 -DSIZEOF_INT=4
-DSIZEOF_LONG=4 -DHAVE_ZLIB_H=1 -DHAVE_BZLIB_H=1 -DNOBZ2PREFIX=1
-DHAVE_SETSID=1 -DHAVE_MEMCPY=1 -DSETPGRP_VOID=1 -DHAVE_GMP=1
-DCLAMD_USE_SYSLOG=1 -DCLAMAVUSER=\clamav\ -DCLAMAVGROUP=\clamav\
-DDB1NAME=\main.cvd\ -DDB2NAME=\daily.cvd\
-DDATADIR=\/opt/csw/share/clamav\ -DCONFDIR=\/opt/csw/etc\ -DC_URANDOM=1
-DCL_THREAD_SAFE=1 -D_REENTRANT=1 -DC_SOLARIS=1 -DBUILD_CLAMD=1
-DWORDS_BIGENDIAN=1 -DWORDS_BIGENDIAN=1 -I. -I. -I.. -I./zziplib
-I/opt/csw/include -I../clamscan -fast -xarch=v8 -c ole2_extract.c  -KPIC
-DPIC -o .libs/ole2_extract.lo
ole2_extract.c, line 48: #warning: Big Endian
ole2_extract.c, line 89: syntax error before or at: __attribute__
ole2_extract.c, line 89: warning: old-style declaration or incorrect type
for: __attribute__
ole2_extract.c, line 89: warning: syntax error:  empty declaration
ole2_extract.c, line 111: syntax error before or at: __attribute__
ole2_extract.c, line 111: warning: old-style declaration or incorrect type
for: __attribute__
ole2_extract.c, line 111: identifier redefined: __attribute__
current : function() returning int
previous: function() returning int : ole2_extract.c, line 89
ole2_extract.c, line 111: warning: syntax error:  empty declaration
ole2_extract.c, line 113: warning: initializer does not fit or is out of
range: 208
ole2_extract.c, line 113: warning: initializer does not fit or is out of
range: 207
ole2_extract.c, line 113: warning: initializer does not fit or is out of
range: 224
ole2_extract.c, line 113: warning: initializer does not fit or is out of
range: 161
ole2_extract.c, line 113: warning: initializer does not fit or is out of
range: 177
ole2_extract.c, line 113: warning: initializer does not fit or is out of
range: 225
ole2_extract.c, line 137: warning: pointer to void or function used in
arithmetic
ole2_extract.c, line 141: cannot recover from previous errors
cc: acomp failed for ole2_extract.c
*** Error code 1
make: Fatal error: Command failed for target `ole2_extract.lo'
Current working directory
/export/home/csw/build/clamav-devel-2004-01-29/libclamav
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
[EMAIL PROTECTED] clamav-devel-2004-01-29]# 


Thanks, Alex




Re: [Clamav-users] SCO virus - Clam 0.65

2004-01-30 Thread Tomasz Papszun
On Wed, 28 Jan 2004 at 16:01:43 -0600, Erick Ivaan Lopez Carreon wrote:
  
   I am using Amavis-ng, and the amavisd.conf doesn't seem to have that 
   line in it.  However it does seem to know about other ones which spoof 
   the reply, so i guess it must be somewhere?
   
 
 anybody could give some clue's in implementing such feature using
 amavis-ng
 

Maybe there is some mailing list of amavis-ng users?

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




Re: [Clamav-users] SCO.a

2004-01-30 Thread Shawn Tayler
Ok Nigel,

You were absolutely right, the msgs I was referring to were all bounces, my
mistake.  Is there a fix in the works for this?

Shawn

On Tue, 27 Jan 2004 16:59:08 + Nigel Horne [EMAIL PROTECTED]
exclaimed:

 On Tuesday 27 Jan 2004 2:31 pm, Shawn Tayler wrote:
  Nigel,
 
  I have several examples of this.  Even with older virii.
 
  Would you be interested in them as well?
 
 Yes but please send me the original. Many people send me the bounce
 message which contains the virus. This is no help to the parser, I must
 have the original.
 
  Shawn
 
 -Nigel
 
 -- 
 Nigel Horne. Arranger, Composer, Typesetter.
 NJH Music, Barnsley, UK.  ICQ#20252325
 [EMAIL PROTECTED] http://www.bandsman.co.uk
 
 
 




Re: [Clamav-users] Freshclam timeout with version devel-20040127 is too short {Scanned}

2004-01-30 Thread Jo Mills
 Try adding -v option. Maybe it'll show some important details.
 
 I suspect that your proxy (or settings concerning it) is the 
 culprit.

Tomasz,

Thanks for the reply.  I tidied up my freshclam script so that it 
wasn't passing the http-proxy parameter.  I then re-ran it with the
-v option as suggested.  The output from freshclam

 Starting the daily download of the clamAV virus databases to the 
   Labserver at Thu Jan 29 09:05:03 GMT 2004
 Current working dir is /var/lib/clamav
 Max retries == 3
 ClamAV update process started at Thu Jan 29 09:05:03 2004
 Connecting via proxy.littleport
 Connected to database.clamav.net (172.31.2.2).
 Reading CVD header (main.cvd): OK
 ERROR: Maximal time (1200 seconds) reached.

 Completed the daily download of the clamAV virus databases at Thu 
 Jan 29 09:25:03 GMT 2004

appears quickly.  After a few seconds the [\] display stops whirling
around and that's it.  It makes no difference if I use the French
mirror.  The freshclam process is just sleeping, (STAT S, no CPU 
usage and no Memory usage) after its initial burst of activity.

Normal downloads from the Net are quick, but our proxy is a Novell box
configured and controlled by the main IT dept.  Until I build a
replacement Debian box I have no control over what it is doing or how
it is configured.  But why could ordinary downloads be quick and yet
clam database downloads seem to hang somewhere?

Thanks for your help,

Regards,

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.





Re: [Clamav-users] SOT: SCO.A disappearing?

2004-01-30 Thread Jeffrey L. Taylor
Quoting Jeffrey L. Taylor [EMAIL PROTECTED]:
 I noticed that the virus count has dropped back to pre-SCO.A levels
 starting around 0330 UTC this morning. I have not seen a single SCO.A
 since then.  Has anyone also seen this?
 
 Jeffrey
 

ClamAV did find one SCO.A this afternoon. But the rate has clearly
dropped. Odd.

Jeffrey




[Clamav-users] Archive : File size limit exceeded. ERROR

2004-01-30 Thread Fajar A. Nugraha
Hi,

When I change clamav.conf to have
ArchiveMaxFileSize 1M
and send 1.5M zip, I got
Fri Jan 30 11:25:33 2004 - 
/var/spool/exim/scan/1AmQDh-0003c9-1N/1AmQDh-0003c9-1N-0.zip: File 
size limit exceeded. ERROR

Shouldn't clamd just IGNORE it instead of saying ERROR?
clamd / ClamAV version devel-20040130
Regards,

Fajar A. Nugraha



[Clamav-users] Mimail.R/S

2004-01-30 Thread Randal, Phil
ClamAV's just detected Worm.Mimail.R here.

McAfee calls it Mimail.s - http://vil.nai.com/vil/content/v_100989.htm

Cheers,

Phil

-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK 




[Clamav-users] checking size of short... configure: error: cannot determine a size for short

2004-01-30 Thread Marc Brooks
Anyone experience this error on compilation?

checking size of short... configure: error: cannot determine a size for
short

I have successfully installed this package before. For some strange reason it
won't recompile without this error.

Any help would be appreciated..






Re: [Clamav-users] Problem compiling - int32_t

2004-01-30 Thread Trog
Quoting spiralvoice [EMAIL PROTECTED]:

 Hi,
 
 I have some problems compiling the latest snapshot 
 (http://www.clamav.net/snapshot/clamav-devel-20040128.tar.gz).
 
 Here is what happens, I used this compiler:
 Reading specs from /usr/lib/gcc-lib/i486-linux/2.7.2.1/specs
 gcc version 2.7.2.1

Must be an old system :-)

Could you try this patch please.

-trog


cltypes.diff
Description: Binary data


[Clamav-users] Just installed clamav-milter--reporting/logging and bounce questions

2004-01-30 Thread Dan Bongert
I just installed clamav and clamav-milter (CVS from 20040126 (0.66g), FreeBSD
4.8 port clamav-devel), and am very happy with it. It's very fast, and is
doing a wonderful job of blocking various viruses to my users--nearly 7000
MyDooms since last night at 7pm. I'm very impressed.

However, I'm wondering about a few things that I didn't find in the
documentation. 

I'm wondering if I can turn off the 550 bouncing behavior, and just silently
eat the viruses when they come in. Did I miss a configuration setting for
this? I'm not sure bouncing the mail back to the original sender is helping
anything. I thought maybe the --quiet switch would turn this off, but that
doesn't seem to be helping.

Also, is there some way of logging info about each viral message (to, from,
and virus caught maybe?) The clamd log only reports:

stream: Worm.SCO.A FOUND

And the maillog doesn't report which virus was found.

Jan 29 10:21:07 charles sendmail[48548]: i0TGL6cZ048548: milter=clmilter, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Jan 29 10:21:07 charles sendmail[48548]: i0TGL6cZ048548: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com

I just like to know exactly what's going on, I guess.

Thanks!

-- 
Dan Bongert [EMAIL PROTECTED]
SSCC Unix System Administrator




RE: [Clamav-users] RE: Clamav-milter not installing

2004-01-30 Thread james nelson
 

-Original Message-

 Please don't top post.
 Please check /usr/include/libmilter exists.

 -Nigel

Sorry about the top posting...

Anyway, as I said before, libmilter is definitely installed.
/usr/include/libmilter does exist!  Also, the appropriate sections of the
.configure, find the libmilter components.  The make command, however, is
not doing anything in the clamav-milter directory...

james






RE: [Clamav-users] Clamscan; clamdscan

2004-01-30 Thread Micha Silver
Shot myself in the foot with this one. Here's the story:

I made the change to qmail-scanner.pl by copying the file to
qmail-scanner.tmp, editing the .tmp then moving the .tmp back to
qmail-scanner.pl. But when you do this as root, the .tmp file is owned by
root, but qmail-scanner.pl *must* be owned by qscand.
Once I got the ownerships back as it should be, I could set Q-S.pl to use
clamdscan again.

BTW, I posted this problem twice, since the first message took a few days
(!) to appear on the list, and I thought it had got lost.

 -Original Message-
 From: Micha Silver [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, January 29, 2004 11:14 AM
 To: [EMAIL PROTECTED]
 Subject: [Clamav-users] Clamscan; clamdscan
 
 
 Last night I made a small change to qmail-scanner.pl- I added 
 'worm.sco.a' to the array $silent_viruses_array. (To prevent 
 sending Virus Found messages to innocent sender addresses) 
 It now looks like:
 
 my 
 @silent_viruses_array=('klez','bugbear','worm.sco.a','hybris',
 'yaha','braid'
 ,'nimda','tanatos','sobig','winevar','palyh','fizzer','gibe','
 cailont','love
 lorn','swen','dumaru','sober','hawaii','holar-i');
 
 From that moment on, clamav stopped recognizing virii. 
 Disallowed extensions
 - *.scr etc. - were still being blocked. I was running 
 clamdscan as the clamscan_binary in the Q-S.pl script. This 
 morning I changed back to calling the regular clamscan for 
 each virus, and immediately CLAMSCAN:Worm.SCO.A started 
 appearing in the logs.
 
 I'd like to go back to clamdscan to save memory and scanning 
 time. What might I have done to cause clamdscan to fail??
 
 TIA
 --Micha
 
 
 

