G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Sat, 10 Apr 2021, Per Jessen wrote:
>> G.W. Haywood wrote:
>>> On Sat, 10 Apr 2021, Per Jessen wrote:
>>>
>>>> When I built $SUBJ just now, I see
>>>>
>>>> libclammspack
Per Jessen wrote:
>
>> If this is after install, exactly how did you build it?
>
> I don't normally do a "make install", I copy the libraries to the
> destination servers directly. I only need the libraries.
Having just built and installed on another machine, this
G.W. Haywood wrote:
> Hi there,
>
> On Sat, 10 Apr 2021, Per Jessen wrote:
>
>> When I built $SUBJ just now, I see
>>
>> libclammspack.so.0
>> =>
>> /home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0
>>
>> ie. with
sibly* be able to run clamd on a system with
> only 2G of RAM
It _can_ be done, using cgroups to restrict the amount of memory used,
but it'll be doing a bit of swapping.
For email processing, we run clamd on virtual machines with slightly
less than 3Gb memory, of which clam
Michael Orlitzky via clamav-users wrote:
> On 2/24/20 5:28 AM, Per Jessen wrote:
>> I've just stumbled on this new config
>> option - "--enable-libclamav-only ". However, I still get complaints
>> about libcurl (for freshclam and clamdsubmit) ?
>>
>
andir=/usr/share/man
I must be missing something?
--
Per Jessen, Zürich (15.5°C)
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://
I was just curious that such a relatively old
virus is not identified by ClamAV. (nor by Sanesec signatures for that
matter).
--
Per Jessen, Zürich (0.1°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
___
clamav-users mailing
system), but it is recognised by many
others.
https://files.jessen.ch/materials-20161511_121132836553-doc.exe
--
Per Jessen, Zürich (-0.2°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
___
clamav-users mailing list
clamav-users
memory configuration? Is it
do-able?
Sure, my test-system nodes only have about 400M RAM. I use my own clam
daemon, but the functionality is the same.
--
Per Jessen, Zürich (5.6°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
___
Help
able to scan, it's about not wanting to scan.
Regardless, clamav doesn't reject or approve mails, that's for your MTA
to do.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support
Rob Sterenborg (lists) wrote:
On Wed, 2011-11-09 at 10:31 +0100, Per Jessen wrote:
Peter Bradeen wrote:
I see that there are ways to limit the level of archive that will
be
scanned as well as the size of the entities to be scanned. Is
there a
way for CLAMAV to then flag them
Simon Hobson wrote:
Per Jessen wrote:
It's not about not being able to scan, it's about not wanting to
scan. Regardless, clamav doesn't reject or approve mails, that's
for your MTA to do.
If you use ClamAV as milter, it's up to ClamAV to tell the MTA what
to do so I guess there's
, but I'm posting this just in case.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Per Jessen wrote:
I'm running my own custom clamav daemon, and just now I ran into an
issue when reloading the latest daily.cvd. cl_load() seems to be
looking for a file named 'daily.ldb' - it isn't found, which causes a
segfault. I don't yet know if this is purely my issue or if it might
Toby Bryans wrote:
Thanks Luca, I obviously should have checked there in retrospect!
It was posted 8 minutes after your posting, so checking there wouldn't
have done you any good :-)
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV
Toby Bryans wrote:
On 7 May 2010 12:28, Per Jessen p...@computer.org wrote:
Toby Bryans wrote:
Thanks Luca, I obviously should have checked there in retrospect!
It was posted 8 minutes after your posting, so checking there
wouldn't have done you any good :-)
:)
I can confirm
about 70MB. So, even assuming this is kept in memory at all times,
where does the other 120MB come from?
Maybe when the database is reloaded? I don't know clamd that well, but
I suspect it'll probably have two copies of the database in core during
reload.
/Per Jessen, Zürich
is Email.Trojan.GZC aka Sanesecurity.Malware.8825.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
to whereever you want.
Or you just update /etc/freshclam.conf to point to only only mirror.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Any chance of making the source package available without the current
cvd databases? The current package is 24Mb, without the CVD it's only
3Mb. Just a suggestion, but it might just save some bandwidth.
/Per Jessen, Zürich
___
Help us build
of it is in relation to clamav? It's obviously
optional, and clamav sems to do quite well without it.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Am I the first person to suggest the default max logsize should be 0
instead of 1M (or some other arbitrary value) ?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav
reason why freshclam should complain
about /etc/clamd.conf ?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Per Jessen wrote:
Wait - I didn't ask how to fix the problem. I'm more interested to
know why freshclam complains about this _unused_ config-file when it
has never done so before.
Please ignore - problem found and solved.
/Per Jessen, Zürich
is one of
very few exceptions.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
of fixing this gcc problem in the clamav
source?
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
that vary in size from
20MB to 60 MB.
Virus-scanning anything bigger than 1-2Mb makes little sense. ANything
as big as 20Mb, I would just skip without further consideration.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http
left the daily.inc directory. When I removed it,
freshclam retrieved the daily cvd on the next attempt.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
, and I do not
expect any either.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
mainframe sysprog, I don't monitor any of my daemon processes. (apart
from *some* status-monitoring via SNMP).
/Per Jessen, Zürich
PS: even if you're an old school Unix admin, quoting only the relevant
bits in your reply is still considered good netiquette
you depend 100% on it never failing?
For one thing, freshclam has never died nor exploded from a memory leak,
nor is it a critical process. If freshclam fails to do an update within
15mins after we've received the clamav email-notification, a warning is
raised.
/Per Jessen, Zürich
/machine temperature as they are critical operating
factors that must be maintained within certain boundaries.
Anyway, this is way, way off-topic here - my apologies for keeping it
going.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV
, and the databases had been updated, I
see significant potential for something to break.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson wrote:
Per Jessen wrote:
Jay Lee wrote:
The point of the exercise it to run freshclam *only* when the update
is published, not to run every x hours (or minutes) without knowing
if there is an update.
Looking at my options there...
Why not just run freshclam as a daemon
Jay Lee wrote:
The point of the exercise it to run freshclam *only* when the update
is published, not to run every x hours (or minutes) without knowing if
there is an update.
Looking at my options there...
Why not just run freshclam as a daemon?
/Per Jessen, Zürich
the file is accessible?
I don't know the process, but I think so, yes.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
for
phishing at all, the response time might be too slow to be useful,
given the frequency with which the content changes.
That was exactly my point, yes.
To be fair, I submitted another phishing sample yesterday, and had the
update in about 5 hours, which is much more acceptable.
/Per Jessen, Zürich
Nigel Horne wrote:
Use the experimental code, then. It does a good job at catching
phishes that aren't even in the database.
OK, that sounds interesting, I'll take a look.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit
hours later. I understand it was on a
weekend etc., but for ClamAVs phishing detection/protection to have any
meaning/reason at all, the time from submit to publish needs to be a
LOT shorter.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV
outbreaks, etc.
As a matter of principle, maintaining the database of what ClamAV is
supposed to detect must have the highest priority, IMHO. If not,
everything else is pointless.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide
Per Jessen wrote:
The best defense against phishing is and has always been education,
fwiw.
Quick additional comment - I used to use the very same argument, but
experience and age have taught me that people are stupid.
/Per Jessen, Zürich
do I. I've even contributed code myself.
I am in no way unhappy with the product, and I shall continue to use it,
but I AM a tad unhappy with the promises wrt phishing.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http
Gerard Seibert wrote:
however, I believe 'stupid' is too harsh.
Perhaps - but a great deal more concise :-)
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav
the speed with which a new
signature can be published is not.
/Per Jessen, Zürich
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
a matter of practicality;
getting budget approval for a business expense is much easier than for
charity.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
like
that only happens when the DNS reports a newer software version.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
be a freeloader.
I think it is entirely reasonable, but for a business to make donations,
I think the ClamAV project needs to be able 1) issue invoices and 2)
accept payment via non-paypal channels. Maybe even in EUR.
/Per Jessen, Zürich
___
http
help is appreciated.
Filesystem paths only, no URLs.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Luca Gibelli wrote:
Why isn't freshclam complaining?
because there are no security issues associated with the new release.
Instead of filling the logs with warnings, we give our users 2 days to
perform the upgrade.
Hi Luca,
I still haven't seen any warning?
/Per Jessen, Zürich
, sysadmins. I
find freshclams outdated warning very useful.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
.
For everyone's benefit, here is a direct link to 0.88.3:
Is there any particular reason why freshclam is not making me aware of
the new version? I use the OnOutdatedExecute option, but it hasn't
been triggered.
/Per Jessen, Zürich
___
http
Stephen Gran wrote:
On Mon, Jul 03, 2006 at 03:37:42PM +0200, Per Jessen said:
Is there any particular reason why freshclam is not making me aware
of the new version? I use the OnOutdatedExecute option, but it
hasn't been triggered.
I understand it will complain on Tuesday.
Huh? I've
of files.
Sounds like you could do with a simple combination of clamav and the
find command.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Sven Strickroth wrote:
Hi,
Per Jessen [EMAIL PROTECTED] schrieb im Newsbeitrag
news:[EMAIL PROTECTED]
Dennis Peterson wrote:
Per Jessen wrote:
It has always been possible to unpack the pattern files and remove
the parts you don't like. The various parts are clearly marked.
If you
of a job for your mail-server, not clamav.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
What's the current schedule for 0.90? And what are my options (for not
having clamav consider phishing==virus) until then?
I'm using libclamav programmatically - I don't suppose cl_scanfile()
could be convinced to return CL_PHISHING when appropriate :-)
/Per Jessen, Zürich
Per Jessen wrote:
OK, just tried that - it still reports clean. I'm just now upgrading
the Mail::ClamAV module to 0.17 (from 0.11) - maybe that'll fix it.
Yeah, 0.17 fixed it - thanks for the fast response. Sorry about wasting
your time and bandwidth.
/Per Jessen, Zürich
(or in which db-version) the signature was added? (using an API of
course).
thanks.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
not seem to imply
that ClamAV
is not competing with commercial vendors.
In fact, what is the _primary_ advantage of ClamAV over [your favourite
commercial AV product]?
Price. ClamAV may not be competing for commercial gain, but it is certainly
competing for the
market.
/Per Jessen, Zürich
hadn't expected it to also stop
freshclam checking
for new updates. I guess freshclam is waiting for it to finish before
continuing - surely not
the intentional behaviour?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
when it's
running as a daemon - as commandline it'll still use system().
/Per Jessen, Zürich
--
http://www.spamchek.co,uk/freetrial - sign up for your free 30-day trial now!
___
http://lurker.clamav.net/list/clamav-users.html
or the mirror or what?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
Brian Morrison wrote:
On Thu, 24 Feb 2005 09:09:23 +0100 in [EMAIL PROTECTED] Per
Jessen [EMAIL PROTECTED] wrote:
I've setup a freshclam that is triggered off the incoming notify for
clamav-virusdb. For 722 at 0046CET today, I got the email, but
freshclam did not load a new version
for the clarification.
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
I haven't seen any mails from the XML-list since Feb4 - what's the story? Was
I accidentally unsubscribed or is the list down?
/Per Jessen, Zürich
___
http://lurker.clamav.net/list/clamav-users.html
:
From /etc/cron.d/clamav:
2 * * * * root /usr/bin/freshclam
/Per Jessen
--
http://www.spamchek.ch/freetrial - lassen Sie sich überzeugen - 30 Tage
Kostenlos!
___
http://lurker.clamav.net/list/clamav-users.html
Luca Gibelli wrote:
Hello Per Jessen,
I haven't seen any mails from the XML-list since Feb4 - what's the story?
Was
I accidentally unsubscribed or is the list down?
We sent a message announcing that we were taking down the service. We'll
be providing a new (better, we hope) service
68 matches
Mail list logo