[toaster] clamav: 0.90.2 == 0.94 ???
Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing? -- Best Regards, Mike Schleif mds resource 877.596.8237 - Sell Your House In Two (2) Weeks http://SellItIn2Weeks.com -- signature.asc Description: Digital signature
Re: [toaster] clamav: 0.90.2 == 0.94 ???
The patch is required if you're running clamav via supervise. If no newer patch is available then stop running it via supervise and install the latest version as per the clamav website. Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: shupp-toaster mailing list toaster@shupp.org Sent: Tue Sep 09 19:09:23 2008 Subject: [toaster] clamav: 0.90.2 == 0.94 ??? Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing? -- Best Regards, Mike Schleif mds resource 877.596.8237 - Sell Your House In Two (2) Weeks http://SellItIn2Weeks.com --
Re: [toaster] clamav: 0.90.2 == 0.94 ???
We are running Debian exclusively. Recently, I discovered deb http://volatile.debian.org/debian-volatile etch/volatile main This allows me to keep up with clamav on my personal servers. Is there some pathing issues with that clamav and toaster? What do you think? * Tren Blackburn [EMAIL PROTECTED] [2008:09:09:19:11:39-0700] scribed: The patch is required if you're running clamav via supervise. If no newer patch is available then stop running it via supervise and install the latest version as per the clamav website. Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: shupp-toaster mailing list toaster@shupp.org Sent: Tue Sep 09 19:09:23 2008 Subject: [toaster] clamav: 0.90.2 == 0.94 ??? Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing? -- Best Regards, Mike Schleif mds resource 877.596.8237 - Sell Your House In Two (2) Weeks http://SellItIn2Weeks.com -- signature.asc Description: Digital signature
Re: [toaster] clamav: 0.90.2 == 0.94 ???
On Tue, 2008-09-09 at 21:48 -0500, Mike Schleif wrote: I havnt used the patch on any newer versions of clamav as its only for config options anyway. Simply download and compile the new version and check the upgrade notes for .93 about the changes to some of the config option, change them in your config file and install and restart clamd. I have been running .94 on a number of servers for about a week now with no problems. Shane We are running Debian exclusively. Recently, I discovered deb http://volatile.debian.org/debian-volatile etch/volatile main This allows me to keep up with clamav on my personal servers. Is there some pathing issues with that clamav and toaster? What do you think? * Tren Blackburn [EMAIL PROTECTED] [2008:09:09:19:11:39-0700] scribed: The patch is required if you're running clamav via supervise. If no newer patch is available then stop running it via supervise and install the latest version as per the clamav website. Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: shupp-toaster mailing list toaster@shupp.org Sent: Tue Sep 09 19:09:23 2008 Subject: [toaster] clamav: 0.90.2 == 0.94 ??? Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing?
Re: [toaster] clamav: 0.90.2 == 0.94 ???
I don't run debian so I can't answer on that. I build clamav directly from the source that is published via the clamav project. Running someone elses binaries/builds is asking for trouble sometimes since you don't always get vanilla in the package. Just my two cents. As far as I know however as long as clamav is in the path somewhere you should be fine, but not knowing your setup, I could be mistaken. A certain amount of this should be trial on your part. Setup a test box/vm that you can try things on. It's what I do, and probably what most others do as well. Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: toaster@shupp.org toaster@shupp.org Sent: Tue Sep 09 19:48:44 2008 Subject: Re: [toaster] clamav: 0.90.2 == 0.94 ??? We are running Debian exclusively. Recently, I discovered deb http://volatile.debian.org/debian-volatile etch/volatile main This allows me to keep up with clamav on my personal servers. Is there some pathing issues with that clamav and toaster? What do you think? * Tren Blackburn [EMAIL PROTECTED] [2008:09:09:19:11:39-0700] scribed: The patch is required if you're running clamav via supervise. If no newer patch is available then stop running it via supervise and install the latest version as per the clamav website. Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: shupp-toaster mailing list toaster@shupp.org Sent: Tue Sep 09 19:09:23 2008 Subject: [toaster] clamav: 0.90.2 == 0.94 ??? Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing? -- Best Regards, Mike Schleif mds resource 877.596.8237 - Sell Your House In Two (2) Weeks http://SellItIn2Weeks.com --
Re: [toaster] clamav: 0.90.2 == 0.94 ???
* Tren Blackburn [EMAIL PROTECTED] [2008:09:09:19:11:39-0700] scribed: The patch is required if you're running clamav via supervise. If no newer patch is available then stop running it via supervise and install the latest version as per the clamav website. Yes, we are running it under supervise. HOW do I stop clam completely? # ps aux | grep clam clamav2515 0.0 0.2 2812 1292 ?Ss Sep08 0:00 /usr/local/bin/freshclam -d root 2667 0.0 0.0 1488 316 ?SSep08 0:00 supervise clamd clamav2673 47.9 15.6 152000 80640 ?RSep08 987:04 /usr/local/sbin/clamd clamav2679 0.0 0.0 1628 384 ?SSep08 0:00 /usr/local/bin/multilog t /var/log/clamd clamav 21312 0.0 0.1 1940 640 ?S20:59 0:00 /var/qmail/bin/simscan clamav 21314 0.0 0.1 2616 720 ?S20:59 0:00 clamdscan --stdout clamav 21379 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21381 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21385 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21387 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21409 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21411 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21416 0.0 0.1 1940 640 ?S21:01 0:00 /var/qmail/bin/simscan clamav 21418 0.0 0.1 2616 720 ?S21:01 0:00 clamdscan --stdout clamav 21419 0.0 0.1 1940 640 ?S21:01 0:00 /var/qmail/bin/simscan . . . Then, HOW do I UN-supervise it? Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: shupp-toaster mailing list toaster@shupp.org Sent: Tue Sep 09 19:09:23 2008 Subject: [toaster] clamav: 0.90.2 == 0.94 ??? Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing? -- Best Regards, Mike Schleif mds resource 877.596.8237 - Sell Your House In Two (2) Weeks http://SellItIn2Weeks.com -- signature.asc Description: Digital signature
Re: [toaster] clamav: 0.90.2 == 0.94 ???
On Tue, 2008-09-09 at 21:55 -0500, Mike Schleif wrote: svc -d /service/clamd svc -d /service/clamd and to restart replace the -d with -u * Tren Blackburn [EMAIL PROTECTED] [2008:09:09:19:11:39-0700] scribed: The patch is required if you're running clamav via supervise. If no newer patch is available then stop running it via supervise and install the latest version as per the clamav website. Yes, we are running it under supervise. HOW do I stop clam completely? # ps aux | grep clam clamav2515 0.0 0.2 2812 1292 ?Ss Sep08 0:00 /usr/local/bin/freshclam -d root 2667 0.0 0.0 1488 316 ?SSep08 0:00 supervise clamd clamav2673 47.9 15.6 152000 80640 ?RSep08 987:04 /usr/local/sbin/clamd clamav2679 0.0 0.0 1628 384 ?SSep08 0:00 /usr/local/bin/multilog t /var/log/clamd clamav 21312 0.0 0.1 1940 640 ?S20:59 0:00 /var/qmail/bin/simscan clamav 21314 0.0 0.1 2616 720 ?S20:59 0:00 clamdscan --stdout clamav 21379 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21381 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21385 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21387 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21409 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21411 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21416 0.0 0.1 1940 640 ?S21:01 0:00 /var/qmail/bin/simscan clamav 21418 0.0 0.1 2616 720 ?S21:01 0:00 clamdscan --stdout clamav 21419 0.0 0.1 1940 640 ?S21:01 0:00 /var/qmail/bin/simscan . . . Then, HOW do I UN-supervise it? Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: shupp-toaster mailing list toaster@shupp.org Sent: Tue Sep 09 19:09:23 2008 Subject: [toaster] clamav: 0.90.2 == 0.94 ??? Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing?
Re: [toaster] clamav: 0.90.2 == 0.94 ???
This would be a case where you should understand how supervise works. Check the manual pages and documentation. You should understand the tools you're using. Starting/stopping supervised programs and adding/removing them should be something you know to do. if you read the toaster instructions you should be able to see the process gone about to supervise something. Go backwards to unsupervise it. HTH - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: toaster@shupp.org toaster@shupp.org Sent: Tue Sep 09 19:55:10 2008 Subject: Re: [toaster] clamav: 0.90.2 == 0.94 ??? * Tren Blackburn [EMAIL PROTECTED] [2008:09:09:19:11:39-0700] scribed: The patch is required if you're running clamav via supervise. If no newer patch is available then stop running it via supervise and install the latest version as per the clamav website. Yes, we are running it under supervise. HOW do I stop clam completely? # ps aux | grep clam clamav2515 0.0 0.2 2812 1292 ?Ss Sep08 0:00 /usr/local/bin/freshclam -d root 2667 0.0 0.0 1488 316 ?SSep08 0:00 supervise clamd clamav2673 47.9 15.6 152000 80640 ?RSep08 987:04 /usr/local/sbin/clamd clamav2679 0.0 0.0 1628 384 ?SSep08 0:00 /usr/local/bin/multilog t /var/log/clamd clamav 21312 0.0 0.1 1940 640 ?S20:59 0:00 /var/qmail/bin/simscan clamav 21314 0.0 0.1 2616 720 ?S20:59 0:00 clamdscan --stdout clamav 21379 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21381 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21385 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21387 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21409 0.0 0.1 1940 640 ?S21:00 0:00 /var/qmail/bin/simscan clamav 21411 0.0 0.1 2616 720 ?S21:00 0:00 clamdscan --stdout clamav 21416 0.0 0.1 1940 640 ?S21:01 0:00 /var/qmail/bin/simscan clamav 21418 0.0 0.1 2616 720 ?S21:01 0:00 clamdscan --stdout clamav 21419 0.0 0.1 1940 640 ?S21:01 0:00 /var/qmail/bin/simscan . . . Then, HOW do I UN-supervise it? Regards, Tren - Original Message - From: Mike Schleif [EMAIL PROTECTED] To: shupp-toaster mailing list toaster@shupp.org Sent: Tue Sep 09 19:09:23 2008 Subject: [toaster] clamav: 0.90.2 == 0.94 ??? Please, advise. What is required to upgrade my toasters (many !!!) from clamav 0.90.2, which is the latest in Bill's Linux Qmail Toaster v. 0.9.2, to clamav WARNING: Local version: 0.90.2 Recommended version: 0.94 ??? According to here: http://shupp.org/toaster/?page=clamav we _require_ a patch: wget http://shupp.org/patches/clamav-0.90.2.patch What am I missing? -- Best Regards, Mike Schleif mds resource 877.596.8237 - Sell Your House In Two (2) Weeks http://SellItIn2Weeks.com --
[toaster] ClamAV 0.92.1
Hi, Has anyone successfully upgrade the toaster with ClamAV 0.92.1 yet? Does it need to be patched with clamav-0.90.2.patch or it can do without it? thanks
[toaster] clamav
Hi, Has anyone successfully run shupp toaster with clamav 0.92.1? Regards
[toaster] ClamAV 0.90.2 and PDF-Support
Hello! I just upgraded to clamav 0.90.2. Did anyone test PDF support? What is the threat? What are your opinions about it? Claas - clamd daemon 0.90.2 (OS: linux-gnu, ARCH: i386, CPU: i686) Log file size limited to 1048576 bytes. Reading databases from /usr/local/share/clamav Loaded 109606 signatures. Unix socket file /tmp/clamd Setting connection queue length to 15 Listening daemon: PID: 768 Archive: Archived file size limit set to 10485760 bytes. Archive: Recursion level limit set to 8. Archive: Files limit set to 1000. Archive: Compression ratio limit set to 250. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Mail files support enabled. Mail: Recursion level limit set to 64. OLE2 support enabled. PDF support disabled. HTML support enabled. Self checking every 1800 seconds.
[toaster] clamav-0.90.1 ???
We want to upgrade our clamav. We have found patches for 0.90.0: http://www.mail-archive.com/toaster@shupp.org/msg04112.html We cannot find: clamav-0.90.0. Are the above referenced patches ALSO OK for clamav-0.90.1 ??? What do you think? -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . -- signature.asc Description: Digital signature
Re: [toaster] clamav-0.90.1 ???
Michael D Schleif wrote: We want to upgrade our clamav. We have found patches for 0.90.0: http://www.mail-archive.com/toaster@shupp.org/msg04112.html We cannot find: clamav-0.90.0. Are the above referenced patches ALSO OK for clamav-0.90.1 ??? What do you think? Don't use the stderr patch, it's no longer needed. Also, make sure you comment out the LogFile directive. Other than that, the conf patches should be ok. I'll update them to not use the LogFile directive anymore. Bill
Re: [toaster] ClamAV 0.90 SimScan 1.3.1
Hi, just upgraded to SimScan v1.3.1 as well, and mails are coming in, however, I see error messages in the logs: - simscan: connect error 2 - remote natfruni.rzone.de:unknown:81.169.145.180 rcpt : temporary DNS problem [might not be related] For the installation I basically followed Bill's instructions. Any thoughts? Thanks, Guido Claas Langbehn wrote: Hello! Has anyone done a new install with the new ClamAV V0.90 and SimScan V1.3.1? I have. SimScan configure is looking for a daily.cvd and current ClamAV doesn't have one. Tried creating an empty file but simscanmk -g is too smart for that. Suggestions? Comments? Use: --enable-received=n ./configure --enable-clamav=y --enable-spam=n --enable-attach=y \ --enable-received=n --enable-ripmime --enable-per-domain=y Like this it'll work, but without adding the received header. claas
Re: [toaster] clamav 0.90 patches up
Bill Shupp wrote: I do have this side-effect also. I added LogTime to the file, and first of the lines has the time, but the second one does not. I'm seeing this as well. I suspect the shared/output.c patch might be responsible, I'll look more closely when I have time. It appears the stderr patch is no longer needed. I removed the patch, and commented out the LogFile directive in clamd.conf, and it's logging correctly now. Thanks to Eric Shubert for pointing this out. Regards, Bill
Re: [toaster] clamav 0.90 patches up
Sam Laffere wrote: I am still running as clamav. I did not need to make any changes here This is correct. There is no need to run as simscan in the default setup. Second, there is a strange side-effect in /var/log/clamd/current. Each line of clamd is being logged twice. I do have this side-effect also. I added LogTime to the file, and first of the lines has the time, but the second one does not. I'm seeing this as well. I suspect the shared/output.c patch might be responsible, I'll look more closely when I have time. Third, I have to mention that simscan 1.2 did not work, but simscan-1.3.1 does work very good. I am still running simscan 1.2. No problems yet. Same here. Regards, Bill
[toaster] ClamAV 0.90 SimScan 1.3.1
Has anyone done a new install with the new ClamAV V0.90 and SimScan V1.3.1? SimScan configure is looking for a daily.cvd and current ClamAV doesn't have one. Tried creating an empty file but simscanmk -g is too smart for that. Suggestions? Comments? Bill Rowe
Re: [toaster] ClamAV 0.90 SimScan 1.3.1
Hello! Has anyone done a new install with the new ClamAV V0.90 and SimScan V1.3.1? I have. SimScan configure is looking for a daily.cvd and current ClamAV doesn't have one. Tried creating an empty file but simscanmk -g is too smart for that. Suggestions? Comments? Use: --enable-received=n ./configure --enable-clamav=y --enable-spam=n --enable-attach=y \ --enable-received=n --enable-ripmime --enable-per-domain=y Like this it'll work, but without adding the received header. claas
Re: [toaster] clamav 0.90 patches up
Bill, Thanks for the updated files. I just upgraded my installation, and wanted to post what I found. Claas Langbehn wrote: First of all, I needed to run clamd as user simscan, as adding clamav to the group simscan did not help. I think it is because setuidgid drops additional groups. Now it works. See my /var/qmail/supervise/clamd/run: I am still running as clamav. I did not need to make any changes here Second, there is a strange side-effect in /var/log/clamd/current. Each line of clamd is being logged twice. I do have this side-effect also. I added LogTime to the file, and first of the lines has the time, but the second one does not. Third, I have to mention that simscan 1.2 did not work, but simscan-1.3.1 does work very good. I am still running simscan 1.2. No problems yet. Sam
Re: [toaster] clamav 0.90 patches up
Hello Bill, I just tried the three patches and I want to give you some feedback: First of all, I needed to run clamd as user simscan, as adding clamav to the group simscan did not help. I think it is because setuidgid drops additional groups. Now it works. See my /var/qmail/supervise/clamd/run: #!/bin/sh exec /usr/local/bin/setuidgid simscan /usr/local/sbin/clamd 21 Second, there is a strange side-effect in /var/log/clamd/current. Each line of clamd is being logged twice. Third, I have to mention that simscan 1.2 did not work, but simscan-1.3.1 does work very good. Many regards, claas
Re: [toaster] clamav 0.90 patches up
Hello, one more strange thing: Even though the infected emails are detected, simscan throws up an error before. simscan: connect error 2 simscan:[4367]:VIRUS:0.0688s:Eicar-Test-Signature:81.169.123.251::[EMAIL PROTECTED]: Does anyone know what connect error 2 is about? - Claas
Re: [toaster] clamav 0.90 patches up
Good Morning! simscan: connect error 2 I found out, what causes this. There is a P0F function that is not documented, yet. You can deactivate it by adding NOP0FCHECK=1 to your /home/vpopmail/etc/tcp.smtp and run qmailctl cdb afterwards. For example: :allow,QMAILQUEUE=/var/qmail/bin/simscan,NOP0FCHECK=1 claas
Re: [toaster] clamav 0.90 patches up
I had to go back at 0.88.x as CPU usage becomes extremely high and clamd hangs. Anyone has the same problem? Tonino At 19.39 14/02/2007, you wrote: I've posted patches for for clamav 0.90 for use with the standard toaster install: http://shupp.org/patches/clamav-0.90-conf.patch http://shupp.org/patches/clamav-0.90-freshclamconf.patch http://shupp.org/patches/clamav-0.90-stderr.patch Thanks to Dave Watson and Stephan Seitz, both of whom submitted updated 0.90 versions of the stderr patch. I've installed these patches on my system, and they are working as expected. Has anyone tried out the new experimental anti-phishing features yet? The Toaster documentation has not yet been updated with these patch versions, but that'll happen this week. I'm just about done porting it to DocBook format, with embedded gettext support for easy translation maintenance. I'll be releasing the DocBook files, PHP wrapper classes, and related scripts for anyone that finds them useful. Regards, Bill
Re: [toaster] clamav 0.90 patches up
At 18.10 18/02/2007, you wrote: I had to go back at 0.88.x as CPU usage becomes extremely high and clamd hangs. Anyone has the same problem? I use FreeBSD. Clamav docs say on FreeBSD and Solaris 0.90 has serious problems. Tonino Tonino At 19.39 14/02/2007, you wrote: I've posted patches for for clamav 0.90 for use with the standard toaster install: http://shupp.org/patches/clamav-0.90-conf.patch http://shupp.org/patches/clamav-0.90-freshclamconf.patch http://shupp.org/patches/clamav-0.90-stderr.patch Thanks to Dave Watson and Stephan Seitz, both of whom submitted updated 0.90 versions of the stderr patch. I've installed these patches on my system, and they are working as expected. Has anyone tried out the new experimental anti-phishing features yet? The Toaster documentation has not yet been updated with these patch versions, but that'll happen this week. I'm just about done porting it to DocBook format, with embedded gettext support for easy translation maintenance. I'll be releasing the DocBook files, PHP wrapper classes, and related scripts for anyone that finds them useful. Regards, Bill
Re: [toaster] clamav 0.90 patches up
On Feb 15, 2007, at 2:12 PM, Rick Macdougall wrote: One thing to keep in mind, if you are not using the :attach in simcontrol, do NOT enable rip mime in simscan as that will cause clamdscan to basically scan the message and the attachment twice. Clamav does a very good job of scanning encoded content and attachments all by itself. No need to duplicate effort. I recently took a look at ripmime to see if it had a setting that would simply dump the attachment filenames without actually creating the attachments. It, unfortunately, does not. I haven't looked at the source to see if it would be possible to build a modified version to accomplish my goals or not. I guess I could modify my simscan to run ripmime, look at the attachment filenames, and then delete them all before calling clamav. OR, I could simply pass the message file to clamav instead of having it scan the entire directory. In the case of large attachments, it's a big waste of CPU cycles to scan the entire message twice. I might just skip attachment blocking at this point, and hope that clamav will catch all of the scr and pif crap. -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
Re: [toaster] clamav 0.90 patches up
On Feb 14, 2007, at 10:39 AM, Bill Shupp wrote: I've installed these patches on my system, and they are working as expected. Bill, Have you (or anyone for that matter) seen any performance improvements from the new version? I noticed this line from the Release Notes: The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments. I'm hoping that an upgrade will help system performance in times where it used to get bogged down when virus scanning. -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
Re: [toaster] clamav 0.90 patches up
Tom Collins wrote: On Feb 14, 2007, at 10:39 AM, Bill Shupp wrote: I've installed these patches on my system, and they are working as expected. Bill, Have you (or anyone for that matter) seen any performance improvements from the new version? I noticed this line from the Release Notes: The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments. I'm hoping that an upgrade will help system performance in times where it used to get bogged down when virus scanning. I haven't noticed anything yet, but my hosting system is fairly low traffic. I'll have a better idea once I roll it out to some clients with much heavier smtp traffic. Regards, Bill
Re: [toaster] clamav 0.90 patches up
Tom Collins wrote: On Feb 14, 2007, at 10:39 AM, Bill Shupp wrote: I've installed these patches on my system, and they are working as expected. Bill, Have you (or anyone for that matter) seen any performance improvements from the new version? I noticed this line from the Release Notes: The email decoding has been improved to reduce both the memory requirements and the time taken to process attachments. I'm hoping that an upgrade will help system performance in times where it used to get bogged down when virus scanning. It seems quite a bit faster here, and my over all load averages are quite a bit lower. One thing to keep in mind, if you are not using the :attach in simcontrol, do NOT enable rip mime in simscan as that will cause clamdscan to basically scan the message and the attachment twice. Clamav does a very good job of scanning encoded content and attachments all by itself. No need to duplicate effort. Regards, Rick
[toaster] clamav 0.90 patches up
I've posted patches for for clamav 0.90 for use with the standard toaster install: http://shupp.org/patches/clamav-0.90-conf.patch http://shupp.org/patches/clamav-0.90-freshclamconf.patch http://shupp.org/patches/clamav-0.90-stderr.patch Thanks to Dave Watson and Stephan Seitz, both of whom submitted updated 0.90 versions of the stderr patch. I've installed these patches on my system, and they are working as expected. Has anyone tried out the new experimental anti-phishing features yet? The Toaster documentation has not yet been updated with these patch versions, but that'll happen this week. I'm just about done porting it to DocBook format, with embedded gettext support for easy translation maintenance. I'll be releasing the DocBook files, PHP wrapper classes, and related scripts for anyone that finds them useful. Regards, Bill
Re: [toaster] clamav 0.90 patches up
[EMAIL PROTECTED] wrote: Hi Bill, When I did upgraded to Clamav to 0.90 my toaster box . I cant received any mail. /var/log/qmail/smtpd/current says: ERROR: Parse error at line 39: Option LogClean requires boolean argument. /var/log/clamd/current says: ERROR: Parse error at line 39: Option LogClean requires boolean argument. ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf then I returned to Clamav 0.88.4. It is working any idea for 0.90 Thanks, YC I've posted patches for for clamav 0.90 for use with the standard toaster install: http://shupp.org/patches/clamav-0.90-conf.patch http://shupp.org/patches/clamav-0.90-freshclamconf.patch http://shupp.org/patches/clamav-0.90-stderr.patch Thanks to Dave Watson and Stephan Seitz, both of whom submitted updated 0.90 versions of the stderr patch. I've installed these patches on my system, and they are working as expected. remove /usr/local/etc/clamd.conf than make install new clamav, it works.. -- Ahmet YAZICI In general, avoiding problems is better than solving them.
Re: [toaster] clamav 0.90 patches up
Ahmet YAZICI wrote: [EMAIL PROTECTED] wrote: Hi Bill, When I did upgraded to Clamav to 0.90 my toaster box . I cant received any mail. /var/log/qmail/smtpd/current says: ERROR: Parse error at line 39: Option LogClean requires boolean argument. /var/log/clamd/current says: ERROR: Parse error at line 39: Option LogClean requires boolean argument. ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf then I returned to Clamav 0.88.4. It is working any idea for 0.90 remove /usr/local/etc/clamd.conf than make install new clamav, it works.. Yeah, this is actually what I did as well. I should add a note for that when I update the docs. Regards, Bill
[toaster] ClamAV Error
This morning I did an update on my Clam AV from the toaster site and I am getting this error in my log when I reload: @4000445c8c52170420c4 +++ Started at Sat May 6 06:45:12 2006 @4000445c8c5217042c7c clamd daemon 0.88.1 (OS: linux-gnu, ARCH: i386, CPU: i686) @4000445c8c521704344c Log file size limited to 1048576 bytes. @4000445c8c5217043834 Verbose logging activated. @4000445c8c5217044004 Reading databases from /usr/local/share/clamav @4000445c8c5430ff7adc LibClamAV Warning: @4000445c8c5431000f4c LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** @4000445c8c5431001eec LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** @4000445c8c5431002aa4 LibClamAV Warning: @4000445c8c5436fac694 Protecting against 54291 viruses. @4000445c8c5437763824 Unix socket file /tmp/clamd @4000445c8c543776a96c Setting connection queue length to 15 @4000445c8c543776b13c Listening daemon: PID: 3013 @4000445c8c543776f78c Archive: Archived file size limit set to 10485760 bytes. @4000445c8c543776ff5c Archive: Recursion level limit set to 8. @4000445c8c5437770b14 Archive: Files limit set to 1000. @4000445c8c54377712e4 Archive: Compression ratio limit set to 250. @4000445c8c5437771ab4 Archive support enabled. @4000445c8c543777554c Archive: RAR support disabled. @4000445c8c5437776104 Portable Executable support enabled. @4000445c8c54377768d4 Mail files support enabled. @4000445c8c5430a4 OLE2 support enabled. @4000445c8c543874 HTML support enabled. @4000445c8c5437778044 Self checking every 1800 seconds. Have I done something wrong to still be getting an outdated error? Thanks; Michael Bagnall ElusiveMind [EMAIL PROTECTED] http://elusivemind.net
Re: [toaster] ClamAV Error
On Saturday 06 May 2006 19:49, Michael R. Bagnall wrote: Did you stop clam while you installed it? How about freshclam too? This morning I did an update on my Clam AV from the toaster site and I am getting this error in my log when I reload: @4000445c8c52170420c4 +++ Started at Sat May 6 06:45:12 2006 @4000445c8c5217042c7c clamd daemon 0.88.1 (OS: linux-gnu, ARCH: i386, CPU: i686) @4000445c8c521704344c Log file size limited to 1048576 bytes. @4000445c8c5217043834 Verbose logging activated. @4000445c8c5217044004 Reading databases from /usr/local/share/clamav @4000445c8c5430ff7adc LibClamAV Warning: @4000445c8c5431000f4c LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** @4000445c8c5431001eec LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** @4000445c8c5431002aa4 LibClamAV Warning: @4000445c8c5436fac694 Protecting against 54291 viruses. @4000445c8c5437763824 Unix socket file /tmp/clamd @4000445c8c543776a96c Setting connection queue length to 15 @4000445c8c543776b13c Listening daemon: PID: 3013 @4000445c8c543776f78c Archive: Archived file size limit set to 10485760 bytes. @4000445c8c543776ff5c Archive: Recursion level limit set to 8. @4000445c8c5437770b14 Archive: Files limit set to 1000. @4000445c8c54377712e4 Archive: Compression ratio limit set to 250. @4000445c8c5437771ab4 Archive support enabled. @4000445c8c543777554c Archive: RAR support disabled. @4000445c8c5437776104 Portable Executable support enabled. @4000445c8c54377768d4 Mail files support enabled. @4000445c8c5430a4 OLE2 support enabled. @4000445c8c543874 HTML support enabled. @4000445c8c5437778044 Self checking every 1800 seconds. Have I done something wrong to still be getting an outdated error? Thanks; Michael Bagnall ElusiveMind [EMAIL PROTECTED] http://elusivemind.net
Re: [toaster] ClamAV Error
According to ClamAV - the latest version is 0.88.2 so that might be the problem. I should have looked before I posted. Yeah I did stop it before installing. It even reports as the right version and the file dates on all the installed files (the library, etc) are all current. Thanks; Michael Bagnall ElusiveMind [EMAIL PROTECTED] http://elusivemind.net On May 6, 2006, at 6:53 AM, Shane Chrisp wrote: On Saturday 06 May 2006 19:49, Michael R. Bagnall wrote: Did you stop clam while you installed it? How about freshclam too? This morning I did an update on my Clam AV from the toaster site and I am getting this error in my log when I reload: @4000445c8c52170420c4 +++ Started at Sat May 6 06:45:12 2006 @4000445c8c5217042c7c clamd daemon 0.88.1 (OS: linux-gnu, ARCH: i386, CPU: i686) @4000445c8c521704344c Log file size limited to 1048576 bytes. @4000445c8c5217043834 Verbose logging activated. @4000445c8c5217044004 Reading databases from /usr/local/share/ clamav @4000445c8c5430ff7adc LibClamAV Warning: @4000445c8c5431000f4c LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** @4000445c8c5431001eec LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** @4000445c8c5431002aa4 LibClamAV Warning: @4000445c8c5436fac694 Protecting against 54291 viruses. @4000445c8c5437763824 Unix socket file /tmp/clamd @4000445c8c543776a96c Setting connection queue length to 15 @4000445c8c543776b13c Listening daemon: PID: 3013 @4000445c8c543776f78c Archive: Archived file size limit set to 10485760 bytes. @4000445c8c543776ff5c Archive: Recursion level limit set to 8. @4000445c8c5437770b14 Archive: Files limit set to 1000. @4000445c8c54377712e4 Archive: Compression ratio limit set to 250. @4000445c8c5437771ab4 Archive support enabled. @4000445c8c543777554c Archive: RAR support disabled. @4000445c8c5437776104 Portable Executable support enabled. @4000445c8c54377768d4 Mail files support enabled. @4000445c8c5430a4 OLE2 support enabled. @4000445c8c543874 HTML support enabled. @4000445c8c5437778044 Self checking every 1800 seconds. Have I done something wrong to still be getting an outdated error? Thanks; Michael Bagnall ElusiveMind [EMAIL PROTECTED] http://elusivemind.net
Re: [toaster] clamav-0.88.2
# patch -p0 ../tar/clamav-0.88.1-conf.patch patching file etc/clamd.conf # patch -p0 ../tar/clamav-0.88.1-freshclamconf.patch patching file etc/freshclam.conf # patch -p0 ../tar/clamav-0.88.1-stderr.patch patching file ./clamd/clamd.c patching file ./shared/output.c patching file ./shared/output.h No offsets! 2006/5/2, Bob Hutchinson [EMAIL PROTECTED]: The patches for 0.88.1 appear to be working for clamav-0.88.2, but with some offsets. Here is the output: patching file ./clamd/clamd.c Hunk #1 succeeded at 138 (offset 1 line). patching file ./shared/output.c Hunk #1 succeeded at 121 (offset 6 lines). Hunk #2 succeeded at 158 (offset 6 lines). patching file ./shared/output.h patching file etc/clamd.conf Hunk #1 succeeded at 5 with fuzz 1. patching file etc/freshclam.conf -- - Bob Hutchinson Midwales dot com -
Re: [toaster] clamav-0.88.2
On Wednesday 03 May 2006 14:00, Sim wrote: # patch -p0 ../tar/clamav-0.88.1-conf.patch patching file etc/clamd.conf # patch -p0 ../tar/clamav-0.88.1-freshclamconf.patch patching file etc/freshclam.conf # patch -p0 ../tar/clamav-0.88.1-stderr.patch patching file ./clamd/clamd.c patching file ./shared/output.c patching file ./shared/output.h No offsets! hmmm, I'll check that, perhaps mine were old 2006/5/2, Bob Hutchinson [EMAIL PROTECTED]: The patches for 0.88.1 appear to be working for clamav-0.88.2, but with some offsets. Here is the output: patching file ./clamd/clamd.c Hunk #1 succeeded at 138 (offset 1 line). patching file ./shared/output.c Hunk #1 succeeded at 121 (offset 6 lines). Hunk #2 succeeded at 158 (offset 6 lines). patching file ./shared/output.h patching file etc/clamd.conf Hunk #1 succeeded at 5 with fuzz 1. patching file etc/freshclam.conf -- - Bob Hutchinson Midwales dot com - -- - Bob Hutchinson Midwales dot com -
[toaster] clamav-0.88.2
The patches for 0.88.1 appear to be working for clamav-0.88.2, but with some offsets. Here is the output: patching file ./clamd/clamd.c Hunk #1 succeeded at 138 (offset 1 line). patching file ./shared/output.c Hunk #1 succeeded at 121 (offset 6 lines). Hunk #2 succeeded at 158 (offset 6 lines). patching file ./shared/output.h patching file etc/clamd.conf Hunk #1 succeeded at 5 with fuzz 1. patching file etc/freshclam.conf -- - Bob Hutchinson Midwales dot com -
[toaster] Clamav- Simscan - Test Antivirus
I've recently installed qmailtoaster 0.8.7 complete with clamav and simscan but it failed on test #15-#22-#23 on http://www.webmail.us/testvirus. Any idea about . . . thanks to everybody. ( Sorry for my bad english ) Gabriele [EMAIL PROTECTED] http://www.rantoloblog.it/
Re: [toaster] Clamav- Simscan - Test Antivirus
On Fri, 14 Apr 2006 12:12:36 +0200 Gabriele Furlotti [EMAIL PROTECTED] wrote: I've recently installed qmailtoaster 0.8.7 complete with clamav and simscan but it failed on test #15-#22-#23 on http://www.webmail.us/testvirus. #22 and #23 mails do not contain virii, so an antivirus should not block them. Any idea about . . . thanks to everybody. Please send me off list the message #15 unedited, as attachment, I'll take a look at it. OR upload it somewhere and publish the address. In any case, do not edit the message. -- Adrian Pircalabu -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: [toaster] Clamav- Simscan - Test Antivirus #15 Error
(Cc-ed to the toaster list since there could be other subscribers interested) On Fri, 14 Apr 2006 17:07:18 +0200 Gabriele Furlotti [EMAIL PROTECTED] wrote: This is the link : http://www.rantoloblog.it/download/Email-TEST.zip Here you have a uuencoded EICAR. The infected part must be detected. Please contact Clamav and/or Simscan developers. -- Adrian Pircalabu -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: [toaster] Clamav- Simscan - Test Antivirus #15 Error
On Fri, 14 Apr 2006 18:35:52 +0300 Adi Pircalabu [EMAIL PROTECTED] wrote: http://www.rantoloblog.it/download/Email-TEST.zip Here you have a uuencoded EICAR. The infected part must be detected. Please contact Clamav and/or Simscan developers. Here's what I've got after some testing: http://193.231.183.23/div/uuencoded-EICAR/ See README -- Adrian Pircalabu -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: [toaster] clamav-0.88.1
I guess it's about time I contributed something :-) The problem with the patch seems to be that they have renamed the FILE handle for the log file from logg_fd to logg_fs. I have patched the patch, and it seems to work. Mailing this patch in plain text may wrap some of the lines (line 7 almost certainly), so I have included it as an attachment as well - I hope attachments get through the mailing list OK? Nikki clamav-0.88.1-stderr.patch diff -urN ../clamav-0.81-orig/clamd/clamd.c ./clamd/clamd.c --- ../clamav-0.81-orig/clamd/clamd.c Tue Jan 18 17:42:35 2005 +++ ./clamd/clamd.c Tue Feb 1 16:23:45 2005 @@ -137,8 +137,13 @@ if((cpt = cfgopt(copt, LogFile))) { logg_file = cpt-strarg; if(strlen(logg_file) 2 || (logg_file[0] != '/' logg_file[0] != '\\' logg_file[1] != ':')) { + if (strcmp(logg_file,stderr)!=0) { fprintf(stderr, ERROR: LogFile requires full path.\n); exit(1); + } + else { + use_stderr=1; + } } time(currtime); if(logg(+++ Started at %s, ctime(currtime))) { diff -urN ../clamav-0.81-orig/shared/output.c ./shared/output.c --- ../clamav-0.81-orig/shared/output.c Wed Jan 26 03:06:20 2005 +++ ./shared/output.c Tue Feb 1 16:23:45 2005 @@ -115,7 +115,9 @@ #ifdef CL_THREAD_SAFE pthread_mutex_lock(logg_mutex); #endif - if(!logg_fs) { + if(use_stderr) { + logg_fs = stderr; + } else if(!logg_fs) { old_umask = umask(0037); if((logg_fs = fopen(logg_file, a)) == NULL) { umask(old_umask); @@ -150,7 +152,7 @@ free(timestr); } - if(logg_size) { + if(logg_size !use_stderr) { if(stat(logg_file, sb) != -1) { if(sb.st_size logg_size) { logg_file = NULL; diff -urN ../clamav-0.81-orig/shared/output.h ./shared/output.h --- ../clamav-0.81-orig/shared/output.h Mon May 10 19:14:14 2004 +++ ./shared/output.h Tue Feb 1 16:23:45 2005 @@ -28,6 +28,7 @@ int mdprintf(int desc, const char *str, ...); +int use_stderr; int logg(const char *str, ...); void logg_close(void); extern short int logg_verbose, logg_lock, logg_time; -- Nikki Locke, Trumphurst Ltd. PC Unix consultancy programming http://www.trumphurst.com/ clamav-0.88.1-stderr.patch Description: Binary data
Re: [toaster] clamav-0.88.1
On Friday 07 Apr 2006 11:30, Nikki Locke wrote: I guess it's about time I contributed something :-) The problem with the patch seems to be that they have renamed the FILE handle for the log file from logg_fd to logg_fs. I have patched the patch, and it seems to work. Mailing this patch in plain text may wrap some of the lines (line 7 almost certainly), so I have included it as an attachment as well - I hope attachments get through the mailing list OK? Got the attachment and it works fine, all compiled and installed without error on my dev box, now to install it on some production boxes. Thanks! Nikki clamav-0.88.1-stderr.patch diff -urN ../clamav-0.81-orig/clamd/clamd.c ./clamd/clamd.c --- ../clamav-0.81-orig/clamd/clamd.c Tue Jan 18 17:42:35 2005 +++ ./clamd/clamd.c Tue Feb 1 16:23:45 2005 @@ -137,8 +137,13 @@ if((cpt = cfgopt(copt, LogFile))) { logg_file = cpt-strarg; if(strlen(logg_file) 2 || (logg_file[0] != '/' logg_file[0] != '\\' logg_file[1] != ':')) { + if (strcmp(logg_file,stderr)!=0) { fprintf(stderr, ERROR: LogFile requires full path.\n); exit(1); + } + else { + use_stderr=1; + } } time(currtime); if(logg(+++ Started at %s, ctime(currtime))) { diff -urN ../clamav-0.81-orig/shared/output.c ./shared/output.c --- ../clamav-0.81-orig/shared/output.c Wed Jan 26 03:06:20 2005 +++ ./shared/output.c Tue Feb 1 16:23:45 2005 @@ -115,7 +115,9 @@ #ifdef CL_THREAD_SAFE pthread_mutex_lock(logg_mutex); #endif - if(!logg_fs) { + if(use_stderr) { + logg_fs = stderr; + } else if(!logg_fs) { old_umask = umask(0037); if((logg_fs = fopen(logg_file, a)) == NULL) { umask(old_umask); @@ -150,7 +152,7 @@ free(timestr); } - if(logg_size) { + if(logg_size !use_stderr) { if(stat(logg_file, sb) != -1) { if(sb.st_size logg_size) { logg_file = NULL; diff -urN ../clamav-0.81-orig/shared/output.h ./shared/output.h --- ../clamav-0.81-orig/shared/output.h Mon May 10 19:14:14 2004 +++ ./shared/output.h Tue Feb 1 16:23:45 2005 @@ -28,6 +28,7 @@ int mdprintf(int desc, const char *str, ...); +int use_stderr; int logg(const char *str, ...); void logg_close(void); extern short int logg_verbose, logg_lock, logg_time; -- - Bob Hutchinson Midwales dot com -
Re: [toaster] clamav-0.88.1
On 05/04/2006 Bob Hutchinson wrote: One of the toaster patches failed: (0.87) I'm running the toaster with clamav from Debian volatile (0.88) with no patches and everything seems fine - can someone tell me what the patches do? I dont run with custom error messages setup on qmail either as I assumed that the patches allowed error messages on the output stream or something. Thanks Marcus
[toaster] clamav-0.88.1
clamav-0.88.1 came out today. One of the toaster patches failed: (0.87) patching file ./clamd/clamd.c Hunk #1 succeeded at 138 (offset 1 line). patching file ./shared/output.c Hunk #1 FAILED at 115. Hunk #2 succeeded at 158 (offset 6 lines). 1 out of 2 hunks FAILED -- saving rejects to file ./shared/output.c.rej patching file ./shared/output.h patching file etc/clamd.conf Hunk #1 succeeded at 5 with fuzz 1. patching file etc/freshclam.conf -- - Bob Hutchinson Midwales dot com -
Re: [toaster] clamav-0.88.1
Bob Hutchinson wrote: clamav-0.88.1 came out today. One of the toaster patches failed: (0.87) patching file ./clamd/clamd.c Hunk #1 succeeded at 138 (offset 1 line). patching file ./shared/output.c Hunk #1 FAILED at 115. Hunk #2 succeeded at 158 (offset 6 lines). 1 out of 2 hunks FAILED -- saving rejects to file ./shared/output.c.rej patching file ./shared/output.h patching file etc/clamd.conf Hunk #1 succeeded at 5 with fuzz 1. patching file etc/freshclam.conf Thanks, I'll get it fixed. Regards, Bill
[toaster] Clamav patches
The toaster patches clamav with 3 patches - are they necessary? I ask because I run the toaster without simscan at the moment (I do scanning separately with maildrop + clamav). I'd like to move to a simscan installation, but my clamav comes from the debian volatile package and I'd rather keep it that way if I can. Thanks, Marcus
Re: [toaster] Clamav upgrade
On Saturday 04 Feb 2006 16:42, Tom Collins wrote: On Feb 3, 2006, at 10:58 PM, Bill Rowe wrote: **Unmatched Entries** Received signal: wake up: 478 Time(s) WARNING: Current functionality level = 6, recommended = 7: 142 Time(s) WARNING: Your ClamAV installation is OUTDATED!: 420 Time(s) DON'T PANIC! Read http://www.clamav.net/faq.html: 420 Time(s) Giving up on database.clamav.net...: 4 Time(s) WARNING: Invalid DNS reply. Falling back to HTTP mode.: 12 Time(s) freshclam daemon 0.87.1 (OS: linux-gnu, ARCH: i386, CPU: i686): 8 Time(s) WARNING: Local version: 0.87.1 Recommended version: 0.88: 278 Time(s) freshclam daemon 0.88 (OS: linux-gnu, ARCH: i386, CPU: i686): 3 Time(s) Trying again in 5 secs...: 8 Time(s) The problem is that you aren't rotating your logs, even with the freshclam script I provided. The counts on the messages are a pretty good indication of that. I've only run servers with RedHat, so I assume that's what you're running (I don't know if logrotate is standard on other distributions). If you're not RedHat, then you might have to make some changes to the config. Check your /var/log/messages for possible errors reported by logrotate. Make sure your freshclam is logging to /var/log/freshclam.log. Make sure logrotate is running before logwatch. If logrotate is run *before* logwatch. the logs that logwatch would parse will have been rotated away, unless 'delaycompress' is used in logrotate.d, in which case logwatch will have to be configured to look for logs like messages.0 or freshclam.log.1 Logwatch looks for datestamps, midnight to midnight, so logrotate can interfere with the accuracy of logwatch reports. Ensuring that Archive=yes is set in logwatch.conf helps overcome this, but can cause logwatch to slow down on big busy servers. my 2c's worth ;-) -- - Bob Hutchinson Midwales dot com -
Re: [toaster] Clamav upgrade
On Saturday 04 Feb 2006 06:58, Bill Rowe wrote: On Thu, 2 Feb 2006 11:53:42 -0700, Bill Rowe wrote: On Thu, 02 Feb 2006 08:52:44 -0800, Bill Shupp wrote: Tom Collins wrote: On Feb 1, 2006, at 8:27 PM, Bill Rowe wrote: Did a Toaster install about 6 weeks ago and included Clamav V0.87. Upgraded to V0.88 just recently. Everything seems ok BUT the update email I get each day claims that I'm running a mixture of V0.87 V0.88. I've checked everywhere that I can think of but solution eludes me. Make sure you're rotating your logs. I had the same problem until I added a file to logrotate.d: # more /etc/logrotate.d/freshclam /var/log/freshclam.log { daily notifempty missingok postrotate /usr/bin/killall -HUP freshclam 2 /dev/null || true endscript } I think Bill's added this to his recent toaster installs, but it wasn't there in earlier releases. No, it's still missing. I'll make sure it gets in the new one. Regards, Bill Did a restart on the computer just to make sure but same message this am. Just changed the rotate setup. Will comment tomorrow. Thanks. Bill Rowe Netcan Inc. [EMAIL PROTECTED] 11:51:46 AM on 2/2/2006 Hate to say it but neither Bill's solution or yours worked for me. Here is a snip of the logwatch message I'm getting... - clam-update Begin daily.cvd updated **Unmatched Entries** Received signal: wake up: 478 Time(s) WARNING: Current functionality level = 6, recommended = 7: 142 Time(s) WARNING: Your ClamAV installation is OUTDATED!: 420 Time(s) DON'T PANIC! Read http://www.clamav.net/faq.html: 420 Time(s) Giving up on database.clamav.net...: 4 Time(s) WARNING: Invalid DNS reply. Falling back to HTTP mode.: 12 Time(s) freshclam daemon 0.87.1 (OS: linux-gnu, ARCH: i386, CPU: i686): 8 Time(s) WARNING: Local version: 0.87.1 Recommended version: 0.88: 278 Time(s) freshclam daemon 0.88 (OS: linux-gnu, ARCH: i386, CPU: i686): 3 Time(s) Trying again in 5 secs...: 8 Time(s) -- clam-update End - If I do a clamd -V or a freshclam -V it comes back with V0.88, so why/where is it getting confused? When I did the upgrade to V0.88 I went to the 0.87 source folder and did a make clean and then went through the 0.88 install. Is this the right way to do the upgrade, and if so is there anything else to do? I did run a simscanmk -g and email headers are OK. I found it necessary to really kill freshclam, -HUP was not enough killall -TERM freshclam sleep 5 /usr/local/bin/freshclam -d Alternately run freshclam as a cron Also look in /usr/local/lib and check that symlink libclamav.so really points to the most recent library, if not clear them out and re-install HTH -- - Bob Hutchinson Midwales dot com -
Re: [toaster] Clamav upgrade
On Feb 3, 2006, at 10:58 PM, Bill Rowe wrote: **Unmatched Entries** Received signal: wake up: 478 Time(s) WARNING: Current functionality level = 6, recommended = 7: 142 Time(s) WARNING: Your ClamAV installation is OUTDATED!: 420 Time(s) DON'T PANIC! Read http://www.clamav.net/faq.html: 420 Time(s) Giving up on database.clamav.net...: 4 Time(s) WARNING: Invalid DNS reply. Falling back to HTTP mode.: 12 Time(s) freshclam daemon 0.87.1 (OS: linux-gnu, ARCH: i386, CPU: i686): 8 Time(s) WARNING: Local version: 0.87.1 Recommended version: 0.88: 278 Time(s) freshclam daemon 0.88 (OS: linux-gnu, ARCH: i386, CPU: i686): 3 Time(s) Trying again in 5 secs...: 8 Time(s) The problem is that you aren't rotating your logs, even with the freshclam script I provided. The counts on the messages are a pretty good indication of that. I've only run servers with RedHat, so I assume that's what you're running (I don't know if logrotate is standard on other distributions). If you're not RedHat, then you might have to make some changes to the config. Check your /var/log/messages for possible errors reported by logrotate. Make sure your freshclam is logging to /var/log/freshclam.log. Make sure logrotate is running before logwatch. Tom Collins Tom Logic LLC PO Box 5717 Napa, CA 94581 (707) 265-6622 (707) 265-6646 fax [EMAIL PROTECTED]
Re: [toaster] Clamav upgrade
On Thu, 2 Feb 2006 11:53:42 -0700, Bill Rowe wrote: On Thu, 02 Feb 2006 08:52:44 -0800, Bill Shupp wrote: Tom Collins wrote: On Feb 1, 2006, at 8:27 PM, Bill Rowe wrote: Did a Toaster install about 6 weeks ago and included Clamav V0.87. Upgraded to V0.88 just recently. Everything seems ok BUT the update email I get each day claims that I'm running a mixture of V0.87 V0.88. I've checked everywhere that I can think of but solution eludes me. Make sure you're rotating your logs. I had the same problem until I added a file to logrotate.d: # more /etc/logrotate.d/freshclam /var/log/freshclam.log { daily notifempty missingok postrotate /usr/bin/killall -HUP freshclam 2 /dev/null || true endscript } I think Bill's added this to his recent toaster installs, but it wasn't there in earlier releases. No, it's still missing. I'll make sure it gets in the new one. Regards, Bill Did a restart on the computer just to make sure but same message this am. Just changed the rotate setup. Will comment tomorrow. Thanks. Bill Rowe Netcan Inc. [EMAIL PROTECTED] 11:51:46 AM on 2/2/2006 Hate to say it but neither Bill's solution or yours worked for me. Here is a snip of the logwatch message I'm getting... - clam-update Begin daily.cvd updated **Unmatched Entries** Received signal: wake up: 478 Time(s) WARNING: Current functionality level = 6, recommended = 7: 142 Time(s) WARNING: Your ClamAV installation is OUTDATED!: 420 Time(s) DON'T PANIC! Read http://www.clamav.net/faq.html: 420 Time(s) Giving up on database.clamav.net...: 4 Time(s) WARNING: Invalid DNS reply. Falling back to HTTP mode.: 12 Time(s) freshclam daemon 0.87.1 (OS: linux-gnu, ARCH: i386, CPU: i686): 8 Time(s) WARNING: Local version: 0.87.1 Recommended version: 0.88: 278 Time(s) freshclam daemon 0.88 (OS: linux-gnu, ARCH: i386, CPU: i686): 3 Time(s) Trying again in 5 secs...: 8 Time(s) -- clam-update End - If I do a clamd -V or a freshclam -V it comes back with V0.88, so why/where is it getting confused? When I did the upgrade to V0.88 I went to the 0.87 source folder and did a make clean and then went through the 0.88 install. Is this the right way to do the upgrade, and if so is there anything else to do? I did run a simscanmk -g and email headers are OK. Thanks for any ideas. Bill Rowe
Re: [toaster] Clamav upgrade
On Feb 1, 2006, at 8:27 PM, Bill Rowe wrote: Did a Toaster install about 6 weeks ago and included Clamav V0.87. Upgraded to V0.88 just recently. Everything seems ok BUT the update email I get each day claims that I'm running a mixture of V0.87 V0.88. I've checked everywhere that I can think of but solution eludes me. Make sure you're rotating your logs. I had the same problem until I added a file to logrotate.d: # more /etc/logrotate.d/freshclam /var/log/freshclam.log { daily notifempty missingok postrotate /usr/bin/killall -HUP freshclam 2 /dev/null || true endscript } I think Bill's added this to his recent toaster installs, but it wasn't there in earlier releases. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [toaster] Clamav upgrade
Tom Collins wrote: On Feb 1, 2006, at 8:27 PM, Bill Rowe wrote: Did a Toaster install about 6 weeks ago and included Clamav V0.87. Upgraded to V0.88 just recently. Everything seems ok BUT the update email I get each day claims that I'm running a mixture of V0.87 V0.88. I've checked everywhere that I can think of but solution eludes me. Make sure you're rotating your logs. I had the same problem until I added a file to logrotate.d: # more /etc/logrotate.d/freshclam /var/log/freshclam.log { daily notifempty missingok postrotate /usr/bin/killall -HUP freshclam 2 /dev/null || true endscript } I think Bill's added this to his recent toaster installs, but it wasn't there in earlier releases. No, it's still missing. I'll make sure it gets in the new one. Regards, Bill
Re: [toaster] Clamav upgrade
On Thu, 02 Feb 2006 08:52:44 -0800, Bill Shupp wrote: Tom Collins wrote: On Feb 1, 2006, at 8:27 PM, Bill Rowe wrote: Did a Toaster install about 6 weeks ago and included Clamav V0.87. Upgraded to V0.88 just recently. Everything seems ok BUT the update email I get each day claims that I'm running a mixture of V0.87 V0.88. I've checked everywhere that I can think of but solution eludes me. Make sure you're rotating your logs. I had the same problem until I added a file to logrotate.d: # more /etc/logrotate.d/freshclam /var/log/freshclam.log { daily notifempty missingok postrotate /usr/bin/killall -HUP freshclam 2 /dev/null || true endscript } I think Bill's added this to his recent toaster installs, but it wasn't there in earlier releases. No, it's still missing. I'll make sure it gets in the new one. Regards, Bill Did a restart on the computer just to make sure but same message this am. Just changed the rotate setup. Will comment tomorrow. Thanks. Bill Rowe Netcan Inc. [EMAIL PROTECTED] 11:51:46 AM on 2/2/2006
[toaster] Clamav upgrade
Did a Toaster install about 6 weeks ago and included Clamav V0.87. Upgraded to V0.88 just recently. Everything seems ok BUT the update email I get each day claims that I'm running a mixture of V0.87 V0.88. I've checked everywhere that I can think of but solution eludes me. Obviously I should have done the upgrade differently, but couldn't find any info in the archives. Good clean suggestions appreciated. Bill Rowe Netcan Inc. [EMAIL PROTECTED] 9:22:08 PM on 2/1/2006
Re: [toaster] Clamav upgrade
Bill Rowe wrote: Did a Toaster install about 6 weeks ago and included Clamav V0.87. Upgraded to V0.88 just recently. Everything seems ok BUT the update email I get each day claims that I'm running a mixture of V0.87 V0.88. I've checked everywhere that I can think of but solution eludes me. Obviously I should have done the upgrade differently, but couldn't find any info in the archives. Good clean suggestions appreciated. Restart freshclam. Regards, Bill
Re: [toaster] clamav 0.86.2
On Monday 25 Jul 2005 13:52, Christopher Grello wrote: Quoting Bob Hutchinson [EMAIL PROTECTED]: Just to confirm that the 0.85 patches work with clamav 0.86.2, released this morning -- - Bob Hutchinson Midwales dot com - What patches? from http:/shupp.org/toaster/ wget http://shupp.org/patches/clamav-0.86.1-stderr.patch wget http://shupp.org/patches/clamav-0.86.1-conf.patch wget http://shupp.org/patches/clamav-0.86.1-freshclamconf.patch - Chris -- - Bob Hutchinson Midwales dot com -
Re: [toaster] clamav, spamassassin update
clamav noticed itself if you run freshclam to update the database. take a look in the qmailctl script, there you see the way the services where started and stoped. btw. it's better to stop the clamd before run a make install of a new version. Neofema s.r.o. - tech schrieb: Thanks it helped. But for example clamav should know that its internal database have been updated, isn't it?! In normal way I'd simply restart clamd but how to do it through that supervise? is there any script that restart all services run through supervise? Thanks, Roman rene marticke napsal(a): I updated spamassassin to 3.0.4 but there's still X-Spam-Checker-Version: SpamAssassin 3.0.2-gr1 (2004-11-16) on domain.com header. I'd like to tell system I updated spamassassin and clamav as well ;-) if you use simscan call /var/qmail/bin/simscanmk -g to update the versionfile. regards rene
[toaster] clamav-0.86
The toaster patches for clamav-0.85.1 work fine with clamav-0.86, which came out yesterday -- - Bob Hutchinson Midwales dot com -
[toaster] clamav problem
Hi all, This is about an install of clamav on Debian testing and set up to run with qmail, according to the toaster. I have done this install a couple of times with no problems at all, working with simscan, but this install is giving problems. This line appears in the qmail smtpd log: clamdscan: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory /lib/libc.so.6 exists and has the same size and perms as other my Debian setups. Compilation goes fine, and there is nothing in config.log that sticks out. ld.so.conf is correct and the same as well. gcc et al are all from debian packages, everything uptodate. freshclam is going fine. I sent several EICAR test emails and all were delivered leaving the above error message, as do clean emails. running clamdscan from the command line works, although it did not do so until I copied them out of vpopmail and set chmod 666 Simscan therefore looks like the stumbling block. Here is it's configure: ./configure --enable-user=clamav \ --enable-clamav=y \ --enable-spam=n \ --enable-ripmime=y \ --enable-attach=y \ --enable-received=y \ --enable-per-domain=y \ --enable-regex=y \ --enable-dropmsg=y Again, no problems compiling, it's all done by the same script I've used for the other installs, same users, same uid/gid, same everything AFAIK. Upon inspection, the other installs have spamassassin installed but not used, too much cpu crunching for my kit. Any Ideas? -- - Bob Hutchinson Midwales dot com -
Re: [toaster] clamav problem
On Friday 27 May 2005 19:43, Tom Collins wrote: On May 27, 2005, at 11:35 AM, Bob Hutchinson wrote: clamdscan: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory Increase the softlimit in the run file for qmail-smptd. bingo! Thanks a lot! -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com -- - Bob Hutchinson Midwales dot com -
[toaster] clamav
I received the following error when running clamav on my toaster Any ideas on how to solve this? 2005-03-21 10:11:27.954654500 LibClamAV Error: cl_loaddbdir(): Can't open directory /var/lib/clamav2005-03-21 10:11:27.954879500 ERROR: Unable to open file or directory Regards, Michael DiMartino Director of MIS The telx Group, Inc. 17 State St, 33rd Floor New York, NY 10004 T: 212.480.3300 X2022 C: 646.207.6603