[EMAIL PROTECTED] wrote:
Sam DeForest wrote:
[EMAIL PROTECTED], uid 508) with qmail-scanner-1.25-st-qms
(clamdscan: 0.88/1235. spamassassin: 3.0.0. perlscan: 1.25-st-qms.
Clear:RC:0(220.175.180.80):SA:0(-1.2/5.0):
...
So, in my estimation, it looks to be that clamdscan is not using the
Bill Shupp wrote:
Trog wrote:
On Mon, 2006-01-09 at 15:37 -0800, Bill Shupp wrote:
First, I would check the filesystem type of /tmp (or whatever you are
using). Make sure it is not sync'ed or journalling.
Next, I would investigate the pthreads libraries. If your system has
more than one to
out there that I can read (gimme RFCs, non-official standards, ANYTHING)
that describe the plethora of standards ClamAV uses or plans to use
in the future? Or maybe just a general list of what's currently out
there?
Thanks!
--
Jesse Guardiani, Systems Administrator
WingNET Internet
upgrade from
73 - 75.1 on Monday?
Thanks!
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net email
to gethostbyname has a valid argument, I'm guessing
there's probably some memory corruption causing this crash.
Thank you for reporting this bug. gethostbyname() is not reentrant,
clamd should use gethostbyname_r()
Did the patch for this make it into 75.1?
--
Jesse Guardiani, Systems Administrator
Kojm has correctly asked me to get more information, but I haven't
been able to yet. I'm going to see if a CVS snapshot or 0.75.1 clears up
the problem on Monday.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559
.
Is http://sourceforge.net/news/?group_id=86638 still going to be updated
with news? There aren't any notice of version 0.75 being released (or any
other version since 0.70).
I concur. :)
I'm still running 0.73 because I've seen reports of viruses slipping
through 0.74 and 0.75.
--
Jesse
people to update to CVS to fix a serious bug doesn't make
sense.
That would be like the linux kernel developers asking everyone to update to
CVS to fix critical kernel security flaws.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423
a pthreads (libc_r) bug, but it
may very well just be a ClamAV bug. I'm personally doing everything I can
to track this down, but it's slow going.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http
to be the only person consistently experiencing this
problem.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
K. Shantanu wrote:
On Mon, May 17, 2004 at 08:45:26AM -0400, Jesse Guardiani wrote:
It does if you delete the socket file from your run script. But you need
to upgrade to 0.70 anyway, and I imagine that you'll start having
problems with clamd hanging as well as dying once you do
not gurantee a clean start and a fresh clamd file.
It does if you delete the socket file from your run script. But you need
to upgrade to 0.70 anyway, and I imagine that you'll start having
problems with clamd hanging as well as dying once you do. Perhaps you
should take a look at monit.
--
Jesse
that *is* there though. If you can tweak
it until it spits out more relevant information then it looks like you'll
have a winning service.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
Jason Haar wrote:
On Wed, May 05, 2004 at 02:15:29PM -0400, Jesse Guardiani wrote:
past 0.70-rc a month or two ago. 0.70 (upgraded just yesterday) does the
same thing. I'm running FreeBSD 4.8-RELEASE + daemontools. I don't see
the seg fault, but my clamd is hanging every 5 or 10 minutes
not working. This bug is really crimping my
style. :)
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net email
is that
my mail is virus free. :) But I'd really love
to see a solution to this problem.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
confused about the top 10 viruses last month
and ... last week text though. What about this month and this week?
You got some source code I can download for that? :)
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v
Antony Stone wrote:
[...]
I think the best we'll ever achieve is a cross-reference database.
Yes please.
What needs to be done to get this online? Who needs access to what?
Public reference submissions, or core maintainers?
I think we desperately need this functionality.
--
Jesse Guardiani
Jesse Guardiani wrote:
Antony Stone wrote:
[...]
I think the best we'll ever achieve is a cross-reference database.
Yes please.
What needs to be done to get this online? Who needs access to what?
Public reference submissions, or core maintainers?
I think we desperately need
clamd as a daemon and FixStaleSocket really becomes
irrelevant in your case.
As far as I know you can only use clamdscan if clamd is running. In short:
Yes, I'm running clamd.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559
ClamukoScanArchive
I there any chance this bug has been fixed in the
latest CVS?
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
Jesse Guardiani wrote:
[...]
I there any chance this bug has been fixed in the
latest CVS?
There must be some special email out there that triggers
this behavior. I've had to kill -9 the clamd process 3
times since my first message about this problem to this
list. If it happens again
Odhiambo Washington wrote:
* Jesse Guardiani [EMAIL PROTECTED] [20040402 20:12]: wrote:
Howdy list,
We've been running CVS version devel-20040325
for about a week with great success, but just
this morning it locked up. I tried:
I haven't had the same problems you are seeing in ages
Todd Lyons wrote:
On Fri, 2004-04-02 at 08:30, Jesse Guardiani wrote:
I there any chance this bug has been fixed in the
latest CVS?
There must be some special email out there that triggers
this behavior. I've had to kill -9 the clamd process 3
times since my first message about
Robert Blayzor wrote:
On 4/2/04 10:53 AM, Jesse Guardiani [EMAIL PROTECTED] wrote:
Howdy list,
# uname -a
FreeBSD chortos.wingnet.net 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Fri Apr
11
12:59:08 EDT 2003
[EMAIL PROTECTED]:/usr/src/sys/compile/CHORTOS i386
MaxThreads 5
ThreadTimeout
Todd Lyons wrote:
On Fri, 2004-04-02 at 08:30, Jesse Guardiani wrote:
I there any chance this bug has been fixed in the
latest CVS?
There must be some special email out there that triggers
this behavior. I've had to kill -9 the clamd process 3
times since my first message about
Jesse Guardiani wrote:
Robert Blayzor wrote:
On 4/2/04 10:53 AM, Jesse Guardiani [EMAIL PROTECTED] wrote:
Howdy list,
# uname -a
FreeBSD chortos.wingnet.net 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Fri Apr
11
12:59:08 EDT 2003
[EMAIL PROTECTED]:/usr/src/sys/compile/CHORTOS i386
Todd Lyons wrote:
On Fri, 2004-04-02 at 14:09, Jesse Guardiani wrote:
Mar 31 didn't work for me. See other email on the subject.
You can download the tarball that I used for mine at
http://downloads.mrball.net/SpamAssassin/clamav-0.70pre2.tar.gz
The naming convention does not jive
Jesse Guardiani wrote:
[...]
I'll look into the locking thing. I'm also configuring a debug
version so I can run ktrace on it. More in a bit. I can't go home
until this silly thing is fixed...
Hmmm... I'm leaning toward a locking problem with the log file
at this point. I couldn't ktrace
Jesse Guardiani wrote:
[...]
I'm going to try uncommenting LogFileUnlock in clamav.conf.
That didn't work. Help! I'm at a loss...
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http
Jesse Guardiani wrote:
Jesse Guardiani wrote:
[...]
I'm going to try uncommenting LogFileUnlock in clamav.conf.
That didn't work. Help! I'm at a loss...
Hmmm... Reverting to 0.70-rc seems to solve the problem
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services
does it. And
you don't have to enable it by default. And all of these silly rar
memory leak and licensing issues would evaporate.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
Nigel Horne wrote:
On Thursday 25 Mar 2004 10:05 pm, Jesse Guardiani wrote:
Is there any way to make clamd log the structure of
a message and it's attachments? BinHex, MIME, plain-text,
ZIP, RAR, BZIP, GZIP, OLE2, etc...?
I don't consider that to be the job of a virus scanner.
:) Why
reducing the load on
CLAM :))
Which scanner are you using? qmail-scanner scans viruses FIRST, then blocks
extensions based on policy. This change was made between 1.20-rc2 and 1.20-rc3
if I remember correctly.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605
- (ATTACHMENT)
1 Exploit.HTML.Bagle.Gen-7-eml
1 Exploit.HTML.Bagle.Gen-3-eml
1 Disallowed breakage found in header name - potential virus
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http
Jesse Guardiani wrote:
[...]
I see similar symptoms when my clamd (0.70-rc) process chokes on a
message it doesn't like. The clamd process starts eating between 50%
and 100% CPU and gobbling up RAM.
Quick note: The CVS version from 2004/03/26 fixes this problem for me.
--
Jesse Guardiani
method?
I don't know. Please read `man grep` to find out.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net
Tomasz Kojm wrote:
On Mon, 22 Mar 2004 15:54:18 -0500
Jesse Guardiani [EMAIL PROTECTED] wrote:
Any ideas on how to avoid this in the future? I'm running with
ScanArchive and ScanMail (because I want the binhex feature on).
The problem may be connected with already discussed and fixed
to be OLE2.
Thanks.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net email is sponsored by: IBM Linux
value set to in clamav.conf?
How about MaxConnectionQueueLength?
It's possible that ClamAV already has MaxThreads number of threads running
and your 4k message is sitting in the connection queue waiting for a thread
to become available so it can run.
--
Jesse Guardiani, Systems Administrator
memory limits though.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net email is sponsored by: IBM Linux
.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial
and just a LOT of characters. I can send it zipped
or a small sample if anyone is interested. It has a lot of repeating
characters, so it aught to compress rather well.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v
Tomasz Kojm wrote:
On Mon, 22 Mar 2004 15:54:18 -0500
Jesse Guardiani [EMAIL PROTECTED] wrote:
Any ideas on how to avoid this in the future? I'm running with
ScanArchive and ScanMail (because I want the binhex feature on).
The problem may be connected with already discussed and fixed
. That's what I would do. :)
It's a release candidate, not a recognized stable
code. Just a thought.
I'm aware of that. Besides this stress testing bug I haven't
had any problems with it. The upgrade was well worth the risk
for the new features.
--
Jesse Guardiani, Systems Administrator
WingNET
to man. That's my experience with C anyway.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net email
and ScanMail (because I want the binhex feature on).
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.Net email
-computer network might work too. That would certainly change the trust
system a good bit. Hmmm... something to think about.
I'd love to be a tester for this.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145
ClamAV users around the world
so we could see a visual map of how these things spread and where
the damage or infection is greatest.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http
McDonald, Dan wrote:
-Original Message-
From: Jesse Guardiani
Is there a database anywhere that lists all the viruses
that forge addresses?
There may be, but can you react quickly to a new one?
If one exists, then yes, I can. I'm a programmer. I could
easily automate the creation
/clamav-users
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This SF.net email is sponsored by: SF.net Giveback
be happy to help.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
clamd-supervise-install-notes-0_002.txt.gz
Description: GNU Zip compressed data
For a complete clamd/daemontools install solution.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This sf.net
Is the virusdb list functioning?
I'm not getting any updates from it.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
by using the web based CGI submission
tool too:
http://www.gietl.com/test-clamav/
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
Daniel Wiberg wrote:
Jesse Guardiani wrote:
Darek M wrote:
Hey guys, new member here, go easy on me.
2. clamd dies on me on signal 11 (core dump). Is this a common issue?
If so, is there a fix? Regardless of the last question, does anyone
have a solid script that looks for clamd
guide, roughly after the
style of Life With Qmail. It assumes that you already have clamd installed
and running properly.
Let me know if you like it.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http
stable distribution
I can find.
Thanks.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This sf.net email is sponsored
On Friday 12 September 2003 11:05, Odhiambo Washington wrote:
* Jesse Guardiani [EMAIL PROTECTED] [20030912 17:48]: wrote:
Hi Jesse,
clamd from clamav-0.60 dies ocassionally on me too. I run FreeBSD
4.8-RELEASE on a Dell PowerEdge 4300. I have the core files if anyone
wants to see them
that. I'm thrilled to have a free, Open Source, AV solution.
The clamav developers are hecka cool, IMO.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
/onethread.php?group=gmane.comp.security.virus.clamav.userroot=%3C689CD4F4-E482-11D7-9771-000393DC8E02%40oakley.nyi.net%3E
If you're interested in running clamd under daemontools.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK
a bit more load on the production server, but it shouldn't break
it's back, unless it's already struggling.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
-allocated, or is it allocated
on demand?
Thanks!
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
---
This sf.net email
. But now I'm starting to
wonder if a daemonized scanner might give me better
performance.
Looking forward to hearing everyone's thoughts on the matter!
Thanks.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559
keep the number
of interpretted, low level mail server filtering scripts to a minimum.
My manager has also expressed interest in selective virus protection,
perhaps on a per domain or even a per user basis.
Anyway, I'd love to see what you've got. Thanks!
--
Jesse Guardiani, Systems
65 matches
Mail list logo