Re: [Clamav-users] database.clamav.net resolution
Hello Damian Menscher, sorry for the late reply This points me to random mirrors around the world. I'd have expected to resolve to db.us.clamav.net, and get mirrors within the US. Everything still works, but I wanted to report it since it should probably be fixed. Or is this something I was supposed to configure (the you SHOULD NOT change it discouraged me)? As we say in the doc, we only _attempt_ to redirect clients to the closest mirror. The closest server (geographically speaking) is not necessarily the best mirror for you to use, so there is no need to try hard to redirect a client to the closest mirror. We grouped our mirrors like this just to avoid using 53/tcp replies to dns queries. Since the number of mirrors keeps growing, in the near future we may need to change this approach in favour of another one based on country codes. You can already start using the following hostname as a clamav mirror if you like: db.TWOLETTERCOUNTRYCODE.clamav.net Right now most of them are just aliases for db.america.clamav.net, db.europe.clamav.net and db.asia.clamav.net Please let me know if you encounter any difficulties. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] important notice for people using ClamAV 0.60
Dear ClamAV users, our logs show that there is still a small percentage of ClamAV 0.60 installations updating their database. ClamAV 0.60 was released on July 29th, 2003 and it was the last release to use the old database format (viruses.db and viruses.db2). Starting from version 0.65, released on November 12nd, ClamAV uses a new database format called CVD, which is compressed and digitally signed (for a full list of its features, read the doc). The new database can be converted to the old format using sigtool (part of the ClamAV package). We have been distributing the database in both formats till now, but we plan to drop support for ClamAV 0.60 on September 1st. It will be still possible to convert the database to the legacy format but we won't be distributing it through our mirrors. We encourage _all_ users to upgrade to the latest release available. People running an old version of ClamAV are missing many viruses and may experience stability problems. You have more than 1 month to update your system. Please find the latest source package at http://prdownloads.sourceforge.net/clamav or grab the latest binary package for your distribution at http://www.clamav.net/binary.html#pagestart The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] dropping support for ClamAV 0.60
Dear ClamAV users, as previously announced [*] we are dropping support for ClamAV 0.60 on September 1st. You can still convert the database to the legacy format manually, but we won't be distributing it through our mirrors. If you are still running ClamAV 0.60 please upgrade your system! You can find the latest binary packages at http://www.clamav.net/binary.html#pagestart The source code of the latest stable release is available at http://prdownloads.sourceforge.net/clamav/?sort_by=namesort=desc [*] see http://www.gossamer-threads.com/lists/clamav/announce/10454 -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] old database format no longer available
Dear ClamAV users, as previously announced [*], we stopped distributing the database in the old format (viruses.db, viruses.db2). The old database has been completely removed from our main site and mirrors. If you are still using ClamAV 0.60 (or older) you should upgrade immediately. The ClamAV team (http://www.clamav.net/team.html) [*] http://www.gossamer-threads.com/lists/clamav/announce/10454 -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] announcing ClamAV 0.80rc
: ...With this years outbreak of e-mail worms for non-Linux platforms, ClamAV has been getting quite a workout, and Linux admins on mailing lists report that database update times are keeping up with or beating the proprietary alternatives. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: Mirror in Argentina
Hello Mariano Absatz, Would someone on both lists (or Luca) contact the people from clamav.xmundo.net and ask them to add a single line ServerAlias db.ar.clamav.net within the virtual server with ServerName clamav.xmundo.net Thanks for notifying me of the problem. When I accept a new mirror I _always_ check that it's configured properly (I ask them to use ServerAlias db.*.clamav.net). Sometimes a sysadmin change the configuration afterwards without prior advice and without an apparent reason. I'll contact him immediately. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] please fix your freshclam setup
Dear ClamAV users, we are seeing a lot of useless traffic on our mirror servers. It looks like there are many broken freshclam clients still running. Once again, we urge you to upgrade to ClamAV 0.80 and take advantage of the new DNSDatabaseInfo option, which allows to check for a new version of the database with a single DNS query. Until you do, please keep the check frequency below once per hour. Abusing clients will be added to a black list and won't be able to download our database anymore. We ask you to verify that your freshclam setup is correct, in particular: 1) if you run freshclam from crontab, check that you have an entry like the following: N * * * * /usr/local/bin/freshclam --quiet where N is a random integer between 3 and 57 and is not a multiple of 10. Do NOT use anything like this: * * * * * /usr/local/bin/freshclam --quiet */N * * * * /usr/local/bin/freshclam --quiet 2) if you run freshclam from crontab, make sure that you are _not_ using the -d flag (see the manpage for more info). Thanks -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] please fix your freshclam setup
Hello Steven Stern, 1) if you run freshclam from crontab, check that you have an entry like the following: N * * * * /usr/local/bin/freshclam --quiet [snip] Are you OK with this? 12 */2 * * * sleep `expr $RANDOM \% 1800` /usr/bin/freshclam --quiet Every other hour, it runs at some random point between 12 after the hour and 42 after the hour. Yes, checking every two hours (and a half, worst case) is ok too. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] please fix your freshclam setup
Hello, I got this instead. Meaning i do not have DNSDatabaseInfo? if you are running ClamAV 0.80 please edit freshclam.conf (usually installed under /etc/clamav/ or /usr/local/etc/clamav/) and add the following line: DNSDatabaseInfo current.cvd.clamav.net Then run # freshclam -v from the command line and verify that everything is working properly. You should see the following lines, among the others: main.cvd version from DNS: 27 daily.cvd version from DNS: 568 If you are not running ClamAV 0.80, it's time to upgrade :) If you don't want or can't upgrade ATM, please be sure that your freshclam doesn't check for updates more often than once an hour. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] please fix your freshclam setup
Hello [EMAIL PROTECTED], Here is the output from mine run a few minutes ago. Current working dir is /var/www/html/clamav Max retries == 3 ClamAV update process started at Mon Nov 1 14:21:33 2004 TTL: 880 main.cvd version from DNS: 27 Software version from DNS: 0.80 Connecting via batman.belfast.heartsine.net main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek) TTL: 880 daily.cvd version from DNS: 566 Connecting via batman.belfast.heartsine.net daily.cvd is up to date (version: 566, sigs: 2093, f-level: 3, builder: ccordes) Freeing option list...done Compare this to Filbert's, as you can see that everything was up to date yet it still connected even though DNS was consulted. batman.belfast.heartsine.net is a proxy. If you check the proxy's logs, you'll see that no connection is made by freshclam. The debug message printed by freshclam is misleading. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] new Wiki site
Dear list, Many users are afraid of upgrading ClamAV because they fear they could break their mail system. Writing an extensive guide about all the possible problems one may encounter during the upgrade would require a big effort. So we decided to go for a Wiki-style doc: you can find it at http://wiki.clamav.net . We hope that experienced users will contribute stuff, especially to http://wiki.clamav.net/index.php/UpgradeInstructions . You can edit any page except the Home Page. Regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] new Wiki site
Hello Graham Toal, What's needed is an installation script which installs a completely independent copy in one of two locations, so you can double-buffer the installs. ./configure --prefix=path can already do that. Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam + My Problem
Hello xterm1, Is there any way to tell freshclam what ip to use to get it's updates. We have a problem with our main ip being locked out due to an attack. Now there is no way to do that, afaik. As a temp. fix, add a static route for some mirrors and specify them in freshclam.conf using the hostnames available at http://www.clamav.net/mirrors.html Good luck with the DoS ... Best regards -- Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Forward del messaggio di Magnus Ekdahl riguardo a Re: Bug#203432: clamav found a suspect file in nmap
FYI - Forwarded message from Magnus Ekdahl [EMAIL PROTECTED] - From: Magnus Ekdahl [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Bug#203432: clamav found a suspect file in nmap tag 203432 upstream forwarded 203432 [EMAIL PROTECTED] reassing 203432 clamav-data thanks Reason: While this bug applies to clamav-freshclam too, clamav-data is the only one that can fix this bug by modifying the package. [EMAIL PROTECTED] wrote: Package: clamav Version: 0.60-2 Clamscan (clamav) find an infected file in the nmap package downloaded from ftp.us.debian.org and from several other tested site. //usr/share/doc/nmap/nmap-fingerprinting-article.txt.gz: Troj/Orifice-A FOUND --- SCAN SUMMARY --- Known viruses: 8880 Scanned directories: 6304 Scanned files: 95425 Infected files: 1 Data scanned: 3713.65 Mb I/O buffer size: 131072 bytes Time: 1561.047 sec (26 m 1 s) Please check and replay Probably a false positive. Thanks for reporting this bug. I'm forwarding this one to clamav's database developers. If you have any comment on this bug, please cc [EMAIL PROTECTED] in the reply. -- Magnus Ekdahl 0739-287181 [EMAIL PROTECTED] [EMAIL PROTECTED] public key available at http://oxtan.campus.luth.se/magnus.public ftp://ftp.se.debian.org/debian-non-US/pool/non-US/main/d/debian-keyring/ Key fingerprint = 18DE CB62 8A86 374E 824E 09ED 1987 4B18 1213 79F6 - End forwarded message - -- Luca Gibelli ([EMAIL PROTECTED] || [EMAIL PROTECTED]) PGP Fingerprint: EC7C D6D2 D754 89F8 BDE8 8924 6341 3B07 C2F3 9102 Key Available at: http://gibelli.oltrelinux.com/gibelli.asc BOFH excuse 283: Post-it Note Sludge leaked into the monitor. pgp0.pgp Description: PGP signature
[Clamav-users] Re: new to this
Hi Lehua, the new mailing-list address is [EMAIL PROTECTED] Please remember it for your future posting. I'm forwarding your email to the new address. I'm trying to install clamav and am getting stuck at the $make install step. I'm getting a permission denied. My purpose for installation is to test it by profiling so I don't need to set it up to integrate w/ our mail delivery system, I just need to use it as a single user and run gprof on it. I keep getting this error, this is just some of it too: /usr/bin/install -c .libs/libclamav.so.1.0.3 /usr/local/lib/libclamav.so.1.0.3 /usr/bin/install: cannot create regular file `/usr/local/lib/libclamav.so.1.0.3': Permission denied make[2]: *** [install-libLTLIBRARIES] Error 1 thanks for helping if you do lehua -- Luca Gibelli ([EMAIL PROTECTED] || [EMAIL PROTECTED]) PGP Fingerprint: EC7C D6D2 D754 89F8 BDE8 8924 6341 3B07 C2F3 9102 Key Available at: http://gibelli.oltrelinux.com/gibelli.asc BOFH excuse 282: Decreasing electron flux pgp0.pgp Description: PGP signature
[Clamav-users] Forward del messaggio di Nikolaj Wicker riguardo a clamav-milter
Dear Nikolaj, the mailing-list moved to [EMAIL PROTECTED] Please use the new address. I'm forwarding your email to the list... - Forwarded message from Nikolaj Wicker [EMAIL PROTECTED] - From: Nikolaj Wicker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: clamav-milter hallo list, i am trying to compile clamav 0.60 and clamav-20030806 on a sun solaris SPARC box. the make-process went fine with one exeption. trying to compile clamav-milter produces some errors which prevent code-generation. configure options were: ./configure --prefix=/usr/local --sysconfdir=/etc --enable-milter make uses: gcc -g -O2 -Dstrerror_r=strerror -o clamav-milter clamav-milter.o ../clamd/cfgfile.o ../clamd/others.o -L/export/home/nwicker/Solaris-Softwar e/ClamAV/clamav-20030806/libclamav -L/usr/lib/libmilter -lmilter -lpthread -lsocket -lnsl -lresolv the errors produced were: Undefined first referenced symbol in file strerror_r clamav-milter.o getopt_long clamav-milter.o ld: fatal: Symbol referencing errors. No output written to clamav-milter collect2: ld returned 1 exit status use of -Dstrerror_r=strerror option didn' t work and i've got no idea how to fix the getopt_long problem. any help appreciated. Nikolaj Wicker -- Nikolaj Wicker fon +49-(0)7248/9150-0 cnk networks gmbh fax +49-(0)7248/9150-50 becker-goering-strasse 26/1 [EMAIL PROTECTED] Germany, 76307 karlsbad - End forwarded message - -- Luca Gibelli ([EMAIL PROTECTED] || [EMAIL PROTECTED]) PGP Fingerprint: EC7C D6D2 D754 89F8 BDE8 8924 6341 3B07 C2F3 9102 Key Available at: http://gibelli.oltrelinux.com/gibelli.asc BOFH excuse 211: User was distributing pornography on server; system seized by FBI. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] WARNING: Your ClamAV installation is OUTDATED!
Hello Awie, My ClamAV version is 0.88.5, but I got message below. Should I re-download and re-install the 0.88.5 or using the RC (that unstable) version? no, no need to reinstall. One of the recent cvd had the wrong functionality level. We published an update and now the warning should be gone. Sorry for the trouble. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Broken Pipe problem while running freshclam
Hello Rolf, bash-2.05# telnet 62.133.206.90 80 Trying 62.133.206.90... Connected to 62.133.206.90. Escape character is '^]'. quit !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE302 Found/TITLE /HEADBODY H1Found/H1 The document has moved A HREF=http://www.unnet.nl/;here/A.P HR ADDRESSApache/1.3.34 Server at localhost Port 80/ADDRESS /BODY/HTML Connection to 62.133.206.90 closed by foreign host. That doesn't mean the mirror is not working. In fact it is working. You just have to use the correct Host: header. Regarding this problem, I have the following questions: 4. Where do I report problems with mirrors? To me, Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] public key for clamav
Hello Obantec, where do i get the public key for clamav tar balls? [EMAIL PROTECTED] src]# gpg --verify clamav-0.90rc2.tar.gz.sig gpg: Signature made Mon 30 Oct 2006 18:57:37 GMT using DSA key ID 985A444B gpg: Can't check signature: public key not found have a look on http://www.clamav.net/team.html, every developer is listed there, with his PGP key. not sure how that helps as the pgp key is for the files Did you care to read the FAQ? http://www.clamav.net/faq.html (#36) Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Broken Pipe problem while running freshclam
Hello Dennis, Why is it that dead servers remain in the round robin DNS tables for days on end? I'm using data from http://www.clamav.net/mirrors.html as a basis of dead. I usually contact the sysadmin immediately after the mirror goes down and remove them from the RR only if the sysadmin doesn't provide me with an ETA for solving the problem within 7 days. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to packagers
Hello Jim, Instead the packages need me to learn some of the inner workings of ClamAV and FreshClam (forget editing the conf files, the packages don't even seem to work together out of the box), and since I really don't care about learning this, I'm going to get as far as making it work then leave it alone, missing many features, surely, but I have (many) other tasks beyond administration of ClamAv. This means that much of the developers work is wasted, because I take the easiet way around an error, no clamav user, the hell with it, freshclam runs as root. We are happy to suffer this loss. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] wiki.clamav.net down?
Hello Obantec, http://wiki.clamav.net/index.php/UpgradeInstructions is returning server not found. anyone else reach it? tracert finds the IP ok but server not responding for me! There are some RAM issues on that server. I'm already taking care of it. BTW the thread about packages has gone too far, so what about starting another flame war on a different topic? :) I understand that many people find the current wiki difficult to use and this results in very little contributions. We need something that is very easy to use and actively maintained. I really like twiki (www.twiki.org), as it has got reasonable system requirements and it's very easy to install, even if you don't want to know *anything* about the internals evil g. Another alternative is mediawiki (on which wikipedia is based), but TBH I think it would be an overkill for our needs. What do you think? Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV installation is outdated messages
Hello Little, http://lurker.clamav.net/message/20061103.221240.b49f234b.en.html However, I am still getting that message. Does anyone know if it is still safe to ignore? I don't want to be a pain - but can anyone confirm or deny that they are also seeing these messages? I have gone through all of the steps that were outlined in the FAQ but I am still seeing these messages. I am running ClamAV 0.88.6/2162/Sun Nov 5 03:14:36 2006 The problem has been fixed. Probably you didn't uninstall old libclamav before upgrading. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] DB Update email before actual update available?
Hello Jay, I am attempting to write a script that will take action whenever an email from the [EMAIL PROTECTED] list is received. The script would run freshclam and grab the most recent update, thus giving me the most up to date version at all times without putting a heavy load on the ClamAV servers. This has been discussed before. Short answer: don't do it. If all of our users download the update at the same time, our mirrors would die. That's why the TTL for current.cvd.clamav.net is 900 secs and not a few secs. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Why does clam die on a malformed database ?
Hello Christopher, Having clam die spells disaster. If you've set your system to tempfail on clam failure, you can't receive mail until it is fixed. [snip] How exactly is this better then a possibe false-positive, if a corrupted sig happens to match some valid piece of mail ? It's better to delay N emails rather than delete N emails. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] new version change log?
Hello heze54, Where is a new version change log? http://www.clamav.net/snapshot/ChangeLog (linked from http://www.clamav.net/snapshot.html) Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Minor bug on the home page
Hello Mark, I have these issues all the time when i click around through the new website. The languages are changing randomly, sometimes it appears in japanese, then italian, than german... Sure, the new site looks nice, but this multi-language techniqe is somehow broken. Yes, same here. OS X 10.4 using Safari and occasionally Firefox although not repeatable on demand unfortunately. A temporary fix is in place starting from this afternoon. Please let me know if you still experience such a problem. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: pdf zip module failure
Hello Robert, It's hard to tell what fixes are in the current development snapshot as they're out of date and the SVN server is disabled at the moment. It has never been enabled so far. The CVS server has been shut down before 0.90 came out and since then no new source code has been made available. SVN will be available tomorrow. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Fw: [Mimedefang] [PATCH] Mimedefang and clamd/clamav 0.90
Hello Bill, I received this from the mimedefang list and I've applied the patch. Now pdfs can be sent and received OK. This is only a workaround, but it may help others until it gets sorted out. Thanks, I added a reference on http://wiki.clamav.net/Main/UpgradeNotes090 I also encourage everybody to post more feedback on that page. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Local mirror with .90
Hello Shawn, I'm sure this has been asked already, but I haven't been able to find it. How do I get the .cdiff files? I had a local mirror set up, but since .90 was installed they are looking for the .cdiff files. it's a faq. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV 0.90.0 Problem
Hello Frank, The line FixStaleSocket isn't commented out by default. It just says This is not true. Just check it: http://www.clamav.net/download/sources Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV 0.90.0 Problem
Hello Frank, The line FixStaleSocket isn't commented out by default. It just says This is not true. Just check it: http://www.clamav.net/download/sources I don't care what that shows. I know how it shows after a fresh install of ClamAV on my system. It was installed from FRESH source from the In that case your system has been hacked. Make a full reinstall. ClamAV web site. I didn't use any wierdo configure statements. I am running CentOS Linux 4.4 which is virtually identical to Red Hat Enterprise Linux Update 4. If you can explain why the following configure line left that blank in my conf file I would like to hear it: ./configure --sysconfdir=/etc --disable-zlib-vcheck -enable-experimental It's --enable-experimental, with 2 dashes. Also disabling zlib-vcheck means you are asking for trouble. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV installation is OUTDATED!
Hello Ralph, I wonder if anyone ever reads the admonishments about top-posting and pruning messages. Or the FAQ. Or the manual. I really wish people would do their homework before posting to this mailing list. I think it'd be better to point such users to a proper URL where they can *find the answer* instead of serving the answer to them directly via email. This will increase the probability that next time they need some info, they will *first* search and *then* ask. My 2 eurocents -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] db refresh load
Hello Dennis, Sidebar - continuing to see freshclam update failures - trussed freshclam and watched it walking through the list of mirrors looking for data and never finding it. That seems to be a lot of mirrors out of service or busy doing other things. Did I catch them at a bad time? Is there a bad time? Well our sigmakers are publishing a lot of updates (which is a good thing) but only 5% of our users are running 0.9x which means no scripted updates and a lot of traffic for our mirrors. Many of them cannot cope with the current traffic. I urge everyone to upgrade to 0.90.1 . Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Different main-files of virussignatures
Hello Jens, Editing scripts to proof both paths is very difficult, because there are 5 different versions on all 120 servers. So there is a lot to do to edit the scripts. Is there no other way, to activate main.cvd or main.inc on all servers ? no, Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Amavis-new, Postfix and ClamAV
Hello Stuart, Mar 27 12:01:52 hostname amavis[17399]: (17399-03) (!)run_av (ClamAV- clamd, built-in i/f): Too many retries to talk to /usr/local/sbin/ clamd (Can't connect to UNIX socket /usr/local/sbin/clamd: Permission denied) at (eval 51) line 293. Why do so many people mistake the socket for the binary? Is there a lame howto somewhere that instructs users to do so? Tomasz, perhaps we should change the default socket to /tmp/clamd.sock? Unfortunately that would make upgrades a little troublesome for newbies... Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] What's broken?
Hello Dennis, Has the ClamAV backbone died? no, only some mirrors[*]. Most of our users are still running 0.8x and that causes big spikes of traffic when we release a new main.cvd . [snip] Trying host db.us.clamav.net (66.111.55.10)... nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.us.clamav.net (IP: 66.111.55.10) ERROR: Can't download main.cvd from db.us.clamav.net Best regards [*]: our backbone is separated from the public mirror infrastructure. -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] ClamAV 0.91rc1 config. change
Dear ClamAV users, Starting from 0.91rc1, the default value for LocalSocket in clamd.conf has been changed from /tmp/clamd to /tmp/clamd.socket to avoid confusion. You must update the configuration of all programs that connect to clamd through unix socket to point to the new path! Please note that ClamAV 0.90.3 still uses the old default value (/tmp/clamd) so no changes are required for people upgrading to ClamAV 0.90.3 . Regards, -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] daily.wmd/daily.cvd trouble (was daily.wmd trouble with 0.91rc1)
Hello Sergey, and... Broken update is not good, but core dumping of clamd is very bad. It would be good to make clamd steadier with broken updates... First of all, the update itself was OK. The problem appeared at Jun 2 04:53:33 GMT+5 in first time with 0.90.3 the offending signature has been removed this morning, Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamscan 0.88.7 clamscan 0.90.3
Hello Luis, v0.88.7 clamscan some_file.txt: 2 seconds. v0.90.3 clamscan some_file.txt: 120 seconds. [snip] Why 0.90.x clamscan load time is slower than 0.88.x? Will clamscan load time be improved in future versions? This topic has been beated to death: upgrade to 0.91. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] FreshClam and DNS - Debian
Hello, In the support FAQ for Clamav it states: - What does WARNING: DNS record is older than 3 hours mean? [snip] The 4th field of the first line should be less than 3 . 3600 behind the output of the second line. If not, you have a caching DNS server somewhere misbehaving. - So I go to the command line and do a: # host -t txt current.cvd.clamav.net; perl -e 'printf %d\n, time;' And get: current.cvd.clamav.net text 0.91.1:44:3779:1185489181:1 1185490600 Well the 4th field is a lot more than 3! the faq says that it should be less than 1185490600-(3*3600) = 1185479800. Indeed this was not the case, as 1185489181 is greater than 1185479800. This happened because one of our slave DNS server was not fetching the zone from our backup master dns and our primary master dns was down. The other slave DNS were fetching the zone correctly, so only a minority (1/7th) of our users received this warning. freshclam falls back to http mode whenever a DNS starts behaving incorrectly, so no harm was done. Everybody was receiving CVD updates as usual. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Sourcefire acquires ClamAV
Hello James, Tomasz Kojm wrote: Both the ClamAV engine and the signature database will remain under GPL. Until they start charging for current updates, etc. like they do with Snort... you should rest assured that the virus database will stay GPL and will be [snip] I'm complaining now... because the virus database is not the source to build the binaries. If hey are only saying the virus database is the ONLY part to stay GPL we may have to pay through the nose for the source to build the compiled binaries! I'm HOPING this hasn't happened and you mis-typed your reply. The answer is in the first line of the message quoted by Tomasz. We also made it clear in the FAQ on the acquisition, quoting from http://www.clamav.net/support/sf-faq: Q. Will the project still be licensed under GPL? A. Yes, the ClamAV engine and CVD will remain under GPL. Q. Will the ClamAV team continue to work on the project? A. Yes, the core team will continue to lead the advancement of ClamAV and the CVD as employees of Sourcefire. Sourcefire also makes it clear in their FAQ at http://www.sourcefire.com/elqNow/elqRedir.htm?ref=http://www.sourcefire.com/resources/downloads/public/ClamAV_FAQ.pdf?a=1%26b=2%23go: Q. Will Sourcefire change the way that ClamAV open source software is offered? A. Sourcefire has no current plans to change the way the ClamAV software is offered to end-users. Sourcefire is committed to investing in and advancing the ClamAV technology, just as we have with Snort and Snort.org. Sourcefire is *absolutely committed* to the continued distribution of ClamAV *and* the ClamAV malware database as an open source solution under the terms of the GPL. Hope that answers your question. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] As soon as Sourcefire starts charging for virus updates,
Hello Sergei, people will stop contributing signatures, right ? I kindly ask you to read this thread in its entirety: http://lurker.clamav.net/thread/20070817.105929.555e74bd.en.html#20070817.105929.555e74bd Also check out the FAQ on the acquisition available on our website: http://www.clamav.net/support/sf-faq HTH Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV patch download not working in South Africa
Hello Andrea, Could you confirm whether the local server db.za.clamav.net had a problem yesterday ? Is that problem solved now ? are you running a version of freshclam 0.91 ? Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Please help - Freshclam not updating.
Hello Todd, Check to make sure that your local iptables firewall and any firewall between you and the DNS server does not block TCP port 53 (which is what the fallback proto/port is if the DNS answer is more than 512 bytes). we put a lot of effort in keeping the size of the RR records under 512 bytes, because TCP queries put too much load on the authoritative DNS servers for clamav.net . With no other options, this smells like selinux. I second that. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Please help - Freshclam not updating.
Hello Rob, Any suggestions? Two things, 1) You may be able to go standard DNS lookups, but can you lookup TXT records? he explicitly showed that he can. Is DNS over TCP supported by your DNS server (many organisations block it in the mistaken belief that it improves security and breaks nothing) I agree that it's a mistake to block 53/tcp, but we don't have such big records so this is not the cause of the problem. 2) See the last post in the thread titled ClamAV patch download not working in South Africa mirrors in Canada are working just fine. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unreliable mirror.
Hello G.W., My freshclam logs say that the mirror in Oxford, England has failed to supply ClamAV database updates since about November 6th. According to that's not true. wget clamav.public-internet.co.uk/daily.cvd gives me the CVD from November 22nd. the database is about 9.6 days old as I write, but the problem goes back far longer than that. See for example: http://www.google.com/search?q=80.82.245.8+clamav you can find similar matches for almost every mirror, because every mirror has problems from time to time. Is there something someone could do to deal with the unreliability of this mirror? If it can't be fixed I suggest removing it from the DNS. I usually give them about 1 week to fix the problem and then temporarily remove them from the round robin (that means you should see it disappear very soon). If the problem is not fixed after 1 month, the mirror is dropped. I'd like to remark that freshclam is not affected by broken mirrors and can always download the latest CVD as long as at least one of the mirrors in the RR is working correctly. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unreliable mirror.
Hello G.W., My freshclam logs say that the mirror in Oxford, England has failed to supply ClamAV database updates since about November 6th. According to that's not true. Forgive me for insisting, but what I wrote is true. That is, I have told you what is in my logs. Of course my logs don't tell me whether the mirror has been supplying updates for others. :) that's only because your freshclam blacklisted this mirror and didn't check it again for some time. In the meantime the problem with the mirror was fixed (I notified the admin and he resolved the issue). Unfortunately by the time the blacklist in your freshclam expired, the problem with the mirror had reappeared. So from your point of view the mirror has been always broken since November 6th. wget clamav.public-internet.co.uk/daily.cvd gives me the CVD from November 22nd. Indeed the mirror does supply daily.cvd correctly. It's the cdiff files that it doesn't seem to be supplying. Try this: [EMAIL PROTECTED] ged]$ wget http://clamav.public-internet.co.uk/daily-4980.cdiff --11:26:16-- http://clamav.public-internet.co.uk/daily-4980.cdiff My point is that the mirror stopped working November 22nd and not November 6th. The latest update released on November 22nd is 4876, and in fact the cdiff for 4876 is available: $ wget clamav.public-internet.co.uk/daily-4876.cdiff --15:16:12-- http://clamav.public-internet.co.uk/daily-4876.cdiff = `daily-4876.cdiff' Connecting to clamav.public-internet.co.uk:80... connected! HTTP request sent, awaiting response... 200 OK I'm not saying that the mirror is working correctly, otherwise both the latest CVD and cdiff would be available. you can find similar matches for almost every mirror, because every mirror has problems from time to time. In my logs I see persistent problems only with the mirror in Oxford: because you are using the UK round robin :) you have no visibility of mirrors outside your country. Anyway I agree with you, this mirror has been a little more problematic than the other mirrors in UK lately. OTOH I must say that public-internet.co.uk has been providing bandwidth and resources for ClamAV for a long time with excellent quality and the recent problems should not let us forget the precious help we received from them. I usually give them about 1 week to fix the problem and then temporarily remove them from the round robin (that means you should see it disappear very soon). If the problem is not fixed after 1 month, the mirror is dropped. Is that documented somewhere? only under www.clamav.net/doc/mirrors IIRC, which I must admit is not really a prominent link :) Is there something the community can do to help? I can easily script The best thing the community can do to solve such problems is to provide more mirrors so that we can filter out the most unreliable ones. something to report such problems, say after some grace period. I already constantly monitor all mirrors using a custom nagios plugin that verifies both cvd and cdiff updates for availability and freshness. Feedback from our community is *always* welcome and appreciated. Feel free to contact me directly whenever you think some problem requires my attention. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshcalm error messages (getpatch)
Hello Jobst, ERROR: getpatch: Can't download daily-4967.cdiff from db.au.clamav.net ERROR: getfile: daily-4967.cdiff not found on remote server (IP: 192.168.1.1) 192.168.1.1 ? So what is this about? Should I just forget this and not worry? are you using some kind of transparent proxy? Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Invalid DNS reply error messages
Hello, Some of you may have received the following error message during the night of Saturday (GMT time): WARNING: Invalid DNS reply. Falling back to HTTP mode. This intermittent error has been caused by a glitch in one of our DNS servers. Please rest assured that the issue has been quickly resolved and even if you have received this message, your ClamAV installation has correctly fetched all the daily updates as usual in a timely manner, by falling back to HTTP mode. In short: if you received this warning message during yesterday night, you can safely ignore it. Regards, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problems connecting to freshclam servers
Hello, there a lot of users still running old ClamAV versions that do not support incremental updates (especially in US, as it seems). The size of daily.cvd is almost 2MB, and this is hurting some mirrors. We are going to release a main.cvd update in the first half of April, that should ease the pressure on the mirrors. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problems connecting to freshclam servers
Hello Dennis, there a lot of users still running old ClamAV versions that do not support incremental updates (especially in US, as it seems). The size of daily.cvd is almost 2MB, and this is hurting some mirrors. We are going to release a main.cvd update in the first half of April, that should ease the pressure on the mirrors. Last time around for that it created a pretty hefty hit for the servers. Should we expect that again? Probably, but we'll try to limit the effects by extending the TTL of the TXT record. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 06 916502176 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav.oc1.mirrors.redwire.net not fully functional
Hello Gerald, Try : http://clamav.oc1.mirrors.redwire.net/main.cvd [you get error 503: service temporarily unavailable]. usually this happens when the mirror exceed its monthly quota of traffic. freshclam should be able to recover from this error. Let's wait until June 1st to see if it starts working again. Regarding www.clamav.net/mirrors.html, mirmon only checks for the freshness of clamav.oc1.mirrors.redwire.net/timestamp and that file is correctly served. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] List Archives?
Hello Charles, Where can I visit the list archives to check to see if a question has already been answered? I click the link and get a blank page (though perhaps I need to be subscribed and this has not yet been processed?) we hit a bug in lurker that we are unable to fix by ourselves. Unfortunately we had no luck contacting the lurker dev. team so far. We are considering switching to another archivers/search, but so far we didn't find anything acceptable. Feel free to shoot me an email if you have some suggestions. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] List Archives?
Hello Charles, http://packages.sw.be/clamav/ Could the maintainers of 'www.clamav.net' please update their pages to point to this new location? Thanks! updated. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV updates - where is 7421?
Hello Randal, Last pattern posted to clamav-virusdb was: ClamAV database updated (10 Jun 2008 14-18 +): daily.cvd Version: 7421 Yet the DNS, clamav homepage, and mirrors still say 7417. the problem has been fixed shortly after your email. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Wanna to help translate
Hello Aron, I want to help tranlsate ClamAV and its website into my mother language,but followed by the website,I sent a mail to [EMAIL PROTECTED] ,but several days no reply,could anyone help me? We already have a Chinese translator. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] send file problem
Hello Aron, When starting a new thread, compose a new message, don't reply to another message. I have sent many samples to the email address that Luca gave me several days ago.But ClamAV didn't use these samples,I cannot see my name in the clamav-virusdb ML so the software cannot detect them until now.I want to know what's wrong. I already explained to you via private email that you are using a wrong password. Regards, Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] send virus problem
Hello Aron, You haven't solve my problem now,what's wrong? I compressed and encrypted the files correctly and sent them correctly,but I still didn't see them in the clamav-virusdb mailing list?Need I send them once more? so far you only sent one sample that we didn't already have: 9kgen_up.int (md5: 49a912bcc13a23aa8dce00acf88acb3a) It has not been reviewed yet, but hopefully one of the sigmakers will take care about it soon. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] PUAs
Hello Ian, BTW, any chance that we could get a link to Configuration Tips from the main wiki page, please? An essential part of getting ClamAV running on a live mail service is getting the configuration right. done, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] wiki
Hello Ian, How come a security project thinks it's OK that I should send a password in the clear? Fixed, Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Unable To Run Freshclam
Hello Carlos, I receive an error when running Freshclam on Debian: mail:/etc/amavis/conf.d# freshclam ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). please check if user 'clamav'[1] can write to /var/log/clamav/freshclam.log Best regards [1]: or whatever you defined in freshclam.conf with the directive User -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Unable To Run Freshclam
Hello Carlos, please check if user 'clamav'[1] can write to /var/log/clamav/freshclam.log According to /var/log/clamav/ mail:/var/log/clamav# ls -l total 104 -rw-r- 1 amavis adm 5051 2008-09-15 11:21 clamav.log -rw-r- 1 amavis adm 26171 2008-09-14 06:25 clamav.log.1 -rw-r- 1 amavis adm 10910 2008-09-15 11:26 freshclam.log -rw-r- 1 amavis adm 52195 2008-09-14 06:25 freshclam.log.1 And in my freshclam.conf, amavis is defined: DatabaseOwner amavis Does it match the output of: clamconf|grep DatabaseOwner ? Did you check if the partition is full? Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Lame mirror at [67.15.61.160]
Hello Paul, I'm in Canada and have set freshclam.conf appropriately, so this problem mirror is under the db.ca.clamav.net name. Could someone look into this? Is anyone else getting actual service from that IP? indeed that IP address shouldn't be there any longer. Thanks for noticing it. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] SubmitDetectionStats fails frequently
Hello Paul, At first, it seems to work, and I get a log message now and then like: SubmitDetectionStats: No new detection records found SubmitDetectionStats: Submitted 10 records But about 1 in 3 times, when fleshclam tries to submit them, it reports: ERROR: SubmitDetectionStats: Permanent failure I examined the clamd.log that you sent me via private email and noticed that you are using some third party sig. databases, including MSRBL: MSRBL-Images/0-0-wxYz.UNOFFICIAL FOUND This signature is causing a permanent failure because it doesn't follow our naming standard: slashes are not allowed in signature names (although the engine accepts them). We should probably contact MSRBL and ask them to modify their naming scheme. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] SubmitDetectionStats fails frequently
Hello Jerry, Just my personal opinion, but since the MSRBL signatures are using an established method of naming definition files, and since ClamAV does accept them for use with their Clamav engine, wouldn't it make more sense to modify ClamAV's new reporting function to properly indeed that's what we did for the time being. allow signatures with '/' included in their name. On another note, I also use the MSRBL signatures and have not noticed a problem yet. I guess I will have to more thoroughly check out the log files. I already contacted the kind guys of MSRBL and they said they have no objection to change their naming scheme. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Problem with a mirror (209.8.40.140)
Hello Leon, Starting Jan 5, we've been having a problem when hitting a certain mirror: 209.8.40.140 - badfish.securityminded.net I temporarily disabled the mirror and asked the sysadmin to investigate the problem. Regards, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Daily 8867?
Hello McDonald,, According to the twitter feed, Daily 8867 had 1325 new signatures. But the [clamav-virusdb] mailing doesn't have a single entry without Added: No. Where do the 1325 new entries come from? Added: No refers to samples. 1325 is the signatures count. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Where's daily update 8996?
Hello Randal, A quick nudge of the ClamAV team. Christoph Cordes announced update 8996 at 16:51GMT (or thereabouts), but there's no sign of it on mirrors... we have experienced some connectivity problems between the server where the CVD are created and the server which distributes them to the mirrors. The situation has improved now, but there are still some occasional outages. We are monitoring the situation. Regards, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Update problem from same mirror every week
Hello Balkrishna, Foll. is the log entries when our server tries to update and ends up with foll. error same mirror with foll. ip is giving problem every week. so to solve this problem i am removing mirros.dat file. but what will be the permanent solution for this? Looks like 219.94.128.99 has disabled db.local.clamav.net in the list of supported vhosts. I can successfully download daily.cvd/cdiff from db.jp.clamav.net / clamav.yukiguni.net but not db.local.clamav.net . If you are in Japan, I recommend that you modify your freshclam.conf with your country code (check ClamAV docs for an explanation - in short replace db.local.clamav.net with db.jp.clamav.net). I'm going to contact the sysadmin of clamav.yukiguni.net and ask him to enable db.local.clamav.net in his list of vhosts. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Where's daily update 8996?
Hello, The situation has improved now, but there are still some occasional outages. We are monitoring the situation. the problem has been solved. We are still closely monitoring the situation but we don't expect other outages anytime soon. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Update problem from same mirror every week
Hello Balkrishna, With db.local.clamav.net i am able to download updates with other mirrors in round robin format But when this particular ip comes in round robin format then we get stuck. I am in India and after reading clamav doc I found that India is not in mirror list so please suggest which will be the better mirror for us. You shall replace db.local.clamav.net with db.in.clamav.net (please review clamdoc.pdf for a full explanation) Anyway I got a reply from clamav.yukiguni.net sysadmin, he fixed the vhost problem, so you shouldn't get that error any longer. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] virus submission not processed
Hello Karlheinz, Last week (9.2.2009) I submit a not detected trojan and got no response till yesterday. The note was: The following submissions have been processed and published: - 6586942 Trojan.Zbot-3045 but today I test again and clamav told me the file is ok. I tried to scan submission 6586942 and it's correctly detected as Trojan.Zbot-3045. Feel free to resubmit the sample, if it's already detected you'll get an error message and you'll know that there is a problem with your setup. If it's not detected, it means you got confused with which sample you actually submitted and we'll get a chance to review the correct sample. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] List bounce error
Hello Török, This is a delivery status notification from exa.billmerriam.com, running the Courier mail server, version 0.54.1. Yes, I've just received one of these. removed, Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Functionality level message with virus definition update version 9081.
Hello fchan, I was doing a freshclam -v and got the current version 9081 of the virus definitions but I got this: WARNING: Current functionality level = 38, recommended = 39 this was an error on my side. We are experimenting some new features in ClamAV 0.95 and I made a mistake and kicked out a db with an increased FLEVEL. It should be corrected in the latest CVD update. You can safely ignore this temporary warning. It should go away in a matter of minutes. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Suggestion
Hello Tom, What I would like (and I think that others that submit malware files to clamav.net would like) is for clamav.net to provide a method for us to programmatically query to determine if either 1) the file has already been determined by clamav to be not malicious or 2) you have this could be difficult the file in your processing queue and don't need a second copy. This I need to discuss this with the rest of the team, but in general I think it's a good idea. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Mirror problems this morning
Hello Jason, I was unable to get updates for about an hour and a half this morning. Was this a known issue? Log at pastebin has EDT (UTC-04:00) timestamps. There was an error during the generation of safebrowsing incremental update. We have identified the set of signature updates that caused the problem and we have promptly removed the culprit cdiff from the mirrors. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Signature dups
Hello Tom, I like having a central DB. In fact I think the central DB should be queryable (eg submit signatures and get feedback if they are already superceded but other detections) I don't think this is technically feasible: there is no easy way to say whether a particular signature is superseded by another. On a similar line I suggested to Luca a while ago that it would be go if you maintained a DB of MD5 signatures of files that you have processed. [snip] As far as an MD5 DB, I would like it to include the following status: in queue, verified benign, and in work. This would allow me to know that you have it and know when something is benign. I know you must have something like this internally if for any reason to cull dups and to checkout or As I explained to you via private email, we do NOT have such information. Our sigmakers only do two things when reviewing malware samples: either they generate a signature that detects the sample, or they discard the sample. In the past, they used to set the status of the sample to in work, verified malware/verified benign (to use your naming conventions), but now they don't do it any longer, due to the amount of samples we receive every day (between 2 and 3 GBs). signature creation so adding some exposure of the DB shouldn't be an issue. It would be possible to expose it - although not easy due to security policies - if we had it. But we don't. Regards, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] website issue
Hello CC, With regards to the following link, the 4th point has a missing closing /a. http://www.clamav.net/support/faq/faq-misc/ thanks for spotting this, fixed. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Trying host database.clamav.net (188.40.42.237)
Hello Aiko, does anybody else has problems with 188.40.42.237? I'm facing some issues for several days. ERROR: getpatch: Can't download safebrowsing-5436.cdiff from database.clamav.net WARNING: Incremental update failed, trying to download safebrowsing.cvd WARNING: Mirror 188.40.42.237 is not synchronized. This is a new mirror that has been added last week. I didn't find any problems with it. I cannot reproduce your problem. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Next clamav release
Hello, It could be great if we can find the below details in clamav.net - Upcoming release - Estimated time of arrival - Major features of the release. The roadmap for the next major release of ClamAV is now on our website: http://www.clamav.net/about/roadmap/ Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] DHL invoices
Hello Jari, clamav NOW detects that even without pua, things updated. But the older DHL-incoices. No. Not even with detect-pua=yes. what does the form answer you when you try to submit it? It should reject it with a message. That message can help us to track down the issue. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] DHL invoices
Hello Jari, clamav NOW detects that even without pua, things updated. But the older DHL-incoices. No. Not even with detect-pua=yes. what does the form answer you when you try to submit it? It should reject it with a message. That message can help us to track down the issue. It says ClamAV already detects the posted sample, and lists the latest version tags. It claims to have detected it, but my copy (Debian volatile) with latest versions does not. Yeah, we already know that. Can you please cutpaste the full message returned by the form? Thanks, Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] cld and cvd
Hello Frédéric, I have configured an internal mirror updating through internet (proxy) via this command /usr/bin/freshclam --config-file=/etc/freshclam.conf executed every hour with cron. My freshclam.conf contains ScriptedUpdates yes but I still got daily.cld in /var/clamav/ You also need to set: CompressLocalDatabase yes in freshclam.conf . I just updated the FAQ. Regards, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] cld and cvd
Hello ClamAV, I have configured an internal mirror updating through internet (proxy) via this command /usr/bin/freshclam --config-file=/etc/freshclam.conf executed every hour with cron. My freshclam.conf contains ScriptedUpdates yes but I still got daily.cld in /var/clamav/ You also need to set: CompressLocalDatabase yes Actually I made a mistake: you want ScriptedUpdates no in your freshclam.conf . Sorry for the mess. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Clamd Monitor
Hello Nathan, If anyone here is using the mon software, http://mon.wiki.kernel.org/ There is a clamd monitor at http://www.cmpublishers.com/oss/ seems useful, I would add it to our misc tools page (http://www.clamav.net/download/third-party-tools/3rdparty-misc) but I cannot open your website at the moment. Tried from multiple connections. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Clamav Wiki
Hello Nathan, Is the Wiki having issues or is it just me. I haven't been able to access it since last night. Looks like this box needed a ram upgrade. I'm happy to see that lot of people are using our wiki :) I just put the server back online. Regards, -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] SubmitDetectionStats Error
Hello, the stats server is under maintenance as freshclam is reporting to some of you. I don't know why some of you are getting a different error message, I'll investigate that. I expect it to be back online in ~24h. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Best way to mirror database updates
Hello Dan, I am wondering what is the best way to mirror database updates. http://www.clamav.net/support/faq/faq-cvd Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] SubmitDetectionStats Error
Hello Greg, FYI, I'm still getting the submission error. ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance it looks like it will need some more time. I hope it will be back online by monday. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] SubmitDetectionStats Error
Hello, FYI, I'm still getting the submission error. ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance it looks like it will need some more time. I hope it will be back online by monday. The service is back online. We are trying to do the best that we can with the resources we have. I had to take the service down because we were running short of space and our budget currently doesn't allow to allocate more resources to this service. Admittedly, this sucks. Good news is that I made use of this time to add support for per user statistics, a new feature that will be launched together with 0.96 (see our roadmap: http://www.clamav.net/about/roadmap). I'm always receptive to constructive criticism and advice and I'm happy that so many people on this mailing list were able to provide such an high-level feedback in this occasion. Thanks to all of you! -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] SubmitDetectionStats Error
Hello Tom, Based upon your budget and equipment constraints as stated above, the recent outage, and considering the increased realtime services to be made available shortly, the user community needs a status dashhboard at clamav.net for now and for the future. maybe we could just start with a dedicated twitter account (clamav_infrastructure or something similar) where I could post updates regarding planned downtimes similar stuff. I've seen other projects doing the same. Luca, I know you are stressed and I will offer some help for this I'm not stressed, just very busy :) project during my free time ;-) if you need and I am sure that others on this list will offer support as well.. your help with this task is more than welcome. I could use some help also with other projects which are currently scheduled for 0.96. I'm going to build a web interface to allow testing and publishing 3rd party CVDs through our mirror infrastructure. 0.96 will make it possible to enable third party databases by simply turning on an option in freshclam.conf . Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Detection Reporting
Hello Tom, I have been looking at performing a single freshclam update and then distributing that update internally but I cannot find how to report detections from all the internal systems. Anyone have an idea on what I am missing? You have to run freshclam --submit-stats in crontab. It will submit stats without attempting to update the cvd. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Submit form treating samples as false positives
Hello rafa, When submitting samples they are treated as false positives. This file is not detected by ClamAV. Please update your CVD database before reporting false-positives. If you are using third-party databases/unofficial signatures, please contact the author of the signature. We can only process false-positives generated by ClamAV Official signatures. That was a temporary problem which was solved shortly after. I can see from the logs that it affected only a couple of submissions. You should be able to submit your samples as usual now. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Bad link on site to 0.96RC1
Hello Tom, The link on http://www.clamav.net/ to 0.96.rc1 actually downloads 0.95.3. both links on www.clamav.net and www.clamav.net/download/sources work correctly for me. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Keep getting this error: SubmitDetectionStats: Incorrect answer from server
Hello James, Looking at my Freshclam logs, since 8 Oct 09 I've been getting this error: ERROR: SubmitDetectionStats: Incorrect answer from server Could it be firewall issue on my part? Or something else? I'm on latest stable version. can you ping stats.clamav.net ? Are you using third party dbs? Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] FYI
Hello Tom, Link to 0.95.3 on http://www.clamav.net/download/sources/ actually goes to 0.96rc1 indeed, I just updated it. Thanks for reporting the problem. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Keep getting this error: SubmitDetectionStats: Incorrect answer from server
Hello James, can you ping stats.clamav.net ? Are you using third party dbs? Yes to both questions. it's possible that the stats server is rejecting virusnames that don't follow our guidelines. We have no control over the virusnames of third party dbs. Could you do the following: - try to submit your stats with freshclam --submit-stats - if it fails, send me your clamd.log (via private email) or even better, open a bug report and attach the log. Thanks, Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] DNS Warning also showing up now on 0.95.3
Hello George, This is not an acceptable solution here for us...we have over 50 machines and several scripts on each that will need updating...what exactly is broken here...I'm seeing this error in the 0.95.3 version as well so it has NOTHING to do with 0.96 One of our DNS servers (ns5.clamav.net specifically) is acting up. That's why you see the error only occasionally, the other DNS servers are working fine. I'm working on the problem. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] DNS Warning also showing up now on 0.95.3
Hello, This is not an acceptable solution here for us...we have over 50 machines and several scripts on each that will need updating...what exactly is broken here...I'm seeing this error in the 0.95.3 version as well so it has NOTHING to do with 0.96 One of our DNS servers (ns5.clamav.net specifically) is acting up. That's why you see the error only occasionally, the other DNS servers are working fine. I'm working on the problem. Problem should be solved. Best regards -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml