Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
On Thu, 02 Feb 2006 at 21:31:45 -0800, Jeremy Kitchen wrote: [EMAIL PROTECTED] wrote: The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string clamav/* be allowed to communicate with the internet. sorry, but blocking at the firewall/proxy level based on user-agent is one of the most absurd things I've ever heard. If they are doing it to disallow 'viruses' and whatnot from traversing the firewall, well, the virus writer can TRIVIALLY change the user-agent string to.. say.. IE, and get right through. In fact, since clamav provides the source for you, you should be able to TRIVIALLY change the user-agent string. grep, $EDITOR, and an exercise for the reader. Problem solved. -Jeremy In devel version's ChangeLog there is: Fri Jan 27 16:01:31 CET 2006 (tk) - * freshclam: new option HTTPUserAgent to force different User-Agent header Patch by Andy Fiddaman clam*fiddaman.net -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Zafi worm misidentified as Trojan.Downloader.Small-1004
Don't know when this started happening, but ClamAV is misidentifying the Zafi worm as Trojan.Downloader.Small-1004. From a MailScanner notification: Sender: [EMAIL PROTECTED] IP Address: 85.98.131.226 Recipient: [EMAIL PROTECTED] (changed to protect the innocent) Subject: Fw: Merry Christmas! MessageID: k139qE5t016812 Quarantine: /var/spool/MailScanner/quarantine/20060203/k139qE5t016812 Report: ClamAV Module: postcard.index.jpg4031.zip was infected: Trojan.Downloader.Small-1004 Bitdefender: Found virus [EMAIL PROTECTED] in file postcard.index.jpg4031.zip McAfee: /k139qE5t016812/postcard.index.jpg4031.zip Found the W32/[EMAIL PROTECTED] virus !!! Cheers, Phil Phil Randal Network Engineer Herefordshire Council Hereford, UK ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Unofficial Phishing Signatures
On Thu, 2 Feb 2006, George R. Kasica wrote: From: George R. Kasica [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Date: Thu, 02 Feb 2006 15:40:41 -0600 Subject: Re: [Clamav-users] Unofficial Phishing Signatures Reply-To: ClamAV users ML clamav-users@lists.clamav.net On Thu, 02 Feb 2006 19:40:17 +, you wrote: ... Steve or Dennis: Where did you get the tool to get clamav stats? We just installed it here and could really use something like that. I suspect this will greatly depend on the MTA you're using. I'm using exim as my MTA and all incoming mail is run through both ClamAV and Sophos virus scanners. Mail containing a virus is rejected after the DATA phase of the SMTP dialogue and I've set up exim to log this. For example: 2006-02-03 09:21:56 1F4x8d-0004hS-G1 H=mars.math.nctu.edu.tw (Webmail.Math.NCTU.edu.tw) [140.113.22.51] I=[138.38.32.23]:25 U=root F=[EMAIL PROTECTED] rejected after DATA: rejected by exiscan-acl: message contains malware (Html.Phishing.Pay.Sanesecurity.05082900 ClamAV). Logs are rotated daily. So it's a simple matter to run a perl script over yesterday's logs, pick out lines similar to the above[1], and produce a summary. I do much the same with spam scores. Spam counts are logged and a daily summary produced. [1] Simple perl code of the form: if ($line =~ This message contains a virus || $line =~ message contains malware) { ($day, $time, $junk) = split (/ /, $line); $last = $time; $first = $time unless defined ($first); print EXISCANLOG $line\n; $line =~ s/^.* \(//; $line =~ s/..$//; $virus{$line} += 1; next; } will add up the virus counts and produce a condensed log that can be used to produce weekly and/or monthly summaries. -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK [EMAIL PROTECTED] Phone: +44 1225 386101 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Zafi worm misidentified as Trojan.Downloader.Small-1004
Randal, Phil wrote: Don't know when this started happening, but ClamAV is misidentifying the Zafi worm as Trojan.Downloader.Small-1004. I'm investigating this. I believe that signature small-1004 is matching some sort of PE packer/obfuscater and must be updated to avoid detecting unrelated malware. Best regards, Diego d'Ambra ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamav stats - [ was Unofficial Phishing Signatures ]
Where did you get the tool to get clamav stats? We just installed it here and could really use something like that. Try the link at http://www.bandsman.co.uk/cgi-bin/virus/display.pl ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Two problems running clamav
Hallo @ll, 1. I try to upgrade ClamAV from vers. 0.87.1 to 0.88 for hours. System: Fedora Core 3. I downloaded the rpm's from this source (Petr Kristof) http://crash.fce.vutbr.cz/crash-hat/3/clamav/ First of all, I tried to upgrade the installation, but I got the problem, that clamav-milter does not realy start, although I got an OK from the initd. In a second step, I removed everything and installed again. But still the same problem: /etc/init.d/clamav-milter status clamav-milter dead but subsys locked. clamd seems to run properly. Finally, I eliminated daemon in /etc/init.d/clamav-milter and suddenly ;-) everything seems to work fine. The only thing is, that I do not recieve an OK-message after success. 2. The other problem is, that the daily update seems to terminate with an error. /var/log/clamav/clamd.log Segmentation fault :-( Bye.. Both, the freshclam tasks and zombies of clamd still resident in the process list and will not be eliminated until a restart of clamd. On the other hand, clamd comes up again after this fault every day and works. The mails passing the mailscanner where scanned. I googled for houres, but I didn't found any sollution. Thank you for all help, Ralf This is my configuration file in the moment: ## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## # Comment or remove the line below. #Example # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled LogFile /var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). # This option disables log file locking. # Default: disabled #LogFileUnlock # Maximal size of the log file. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 1M LogFileMaxSize 0 # Log time with each message. # Default: disabled LogTime # Also log clean files. Useful in debugging but drastically increases the # log size. # Default: disabled #LogClean # Use system logger (can work together with LogFile). # Default: disabled LogSyslog # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 #LogFacility LOG_MAIL # Enable verbose logging. # Default: disabled #LogVerbose # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled PidFile /var/run/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). TemporaryDirectory /tmp # Path to the database directory. # Default: hardcoded (depends on installation options) DatabaseDirectory /var/lib/clamav # The daemon works in a local OR a network mode. Due to security reasons we # recommend the local mode. # Path to a local socket file the daemon will listen on. # Default: disabled LocalSocket /var/run/clamav/clamd.sock # Remove stale socket after unclean shutdown. # Default: disabled FixStaleSocket # TCP port address. # Default: disabled #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: disabled #TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 15 MaxConnectionQueueLength 30 # Clamd uses FTP-like protocol to receive data from remote clients. # If you are using clamav-milter to balance load between remote clamd daemons # on firewall servers you may need to tune the options below. # Close the connection when the data size limit is exceeded. # The value should match your MTA's limit for a maximal attachment size. # Default: 10M #StreamMaxLength 20M # Limit port range. # Default: 1024 #StreamMinPort 3 # Default: 2048 #StreamMaxPort 32000 # Maximal number of threads running at the same time. # Default: 10 MaxThreads 50 # Waiting for data from a client socket will timeout after this time (seconds). # Value of 0 disables the timeout. # Default: 120 ReadTimeout 300 # Waiting for a new job will timeout after this time (seconds). # Default: 30 #IdleTimeout 60 # Maximal depth directories are scanned at. # Default: 15 #MaxDirectoryRecursion 20 # Follow directory symlinks. # Default: disabled #FollowDirectorySymlinks # Follow regular file symlinks. # Default: disabled #FollowFileSymlinks # Perform internal sanity check (database integrity and freshness). # Default: 1800 (30 min) #SelfCheck 600 # Execute a command when virus is found. In the command string %v will # be replaced by a virus
[Clamav-users] Two problems running clamav
Hallo @ll, 1. I try to upgrade ClamAV from vers. 0.87.1 to 0.88 for hours. System: Fedora Core 3. I downloaded the rpm's from this source (Petr Kristof) http://crash.fce.vutbr.cz/crash-hat/3/clamav/ First of all, I tried to upgrade the installation, but I got the problem, that clamav-milter does not realy start, although I got an OK from the initd. In a second step, I removed everything and installed again. But still the same problem: /etc/init.d/clamav-milter status clamav-milter dead but subsys locked. clamd seems to run properly. Finally, I eliminated daemon in /etc/init.d/clamav-milter and suddenly ;-) everything seems to work fine. The only thing is, that I do not recieve an OK-message after success. 2. The other problem is, that the daily update seems to terminate with an error. /var/log/clamav/clamd.log Segmentation fault :-( Bye.. Both, the freshclam tasks and zombies of clamd still resident in the process list and will not be eliminated until a restart of clamd. On the other hand, clamd comes up again after this fault every day and works. The mails passing the mailscanner where scanned. I googled for houres, but I didn't found any sollution. Thank you for all help, Ralf This is my configuration file in the moment: ## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## # Comment or remove the line below. #Example # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled LogFile /var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). # This option disables log file locking. # Default: disabled #LogFileUnlock # Maximal size of the log file. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 1M LogFileMaxSize 0 # Log time with each message. # Default: disabled LogTime # Also log clean files. Useful in debugging but drastically increases the # log size. # Default: disabled #LogClean # Use system logger (can work together with LogFile). # Default: disabled LogSyslog # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 #LogFacility LOG_MAIL # Enable verbose logging. # Default: disabled #LogVerbose # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled PidFile /var/run/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). TemporaryDirectory /tmp # Path to the database directory. # Default: hardcoded (depends on installation options) DatabaseDirectory /var/lib/clamav # The daemon works in a local OR a network mode. Due to security reasons we # recommend the local mode. # Path to a local socket file the daemon will listen on. # Default: disabled LocalSocket /var/run/clamav/clamd.sock # Remove stale socket after unclean shutdown. # Default: disabled FixStaleSocket # TCP port address. # Default: disabled #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: disabled #TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 15 MaxConnectionQueueLength 30 # Clamd uses FTP-like protocol to receive data from remote clients. # If you are using clamav-milter to balance load between remote clamd daemons # on firewall servers you may need to tune the options below. # Close the connection when the data size limit is exceeded. # The value should match your MTA's limit for a maximal attachment size. # Default: 10M #StreamMaxLength 20M # Limit port range. # Default: 1024 #StreamMinPort 3 # Default: 2048 #StreamMaxPort 32000 # Maximal number of threads running at the same time. # Default: 10 MaxThreads 50 # Waiting for data from a client socket will timeout after this time (seconds). # Value of 0 disables the timeout. # Default: 120 ReadTimeout 300 # Waiting for a new job will timeout after this time (seconds). # Default: 30 #IdleTimeout 60 # Maximal depth directories are scanned at. # Default: 15 #MaxDirectoryRecursion 20 # Follow directory symlinks. # Default: disabled #FollowDirectorySymlinks # Follow regular file symlinks. # Default: disabled #FollowFileSymlinks # Perform internal sanity check (database integrity and freshness). # Default: 1800 (30 min) #SelfCheck 600 # Execute a command when virus is found. In the command string %v will # be replaced by a virus
[Clamav-users] Two problems running clamav
Hallo @ll, 1. I try to upgrade ClamAV from vers. 0.87.1 to 0.88 for hours. System: Fedora Core 3. I downloaded the rpm's from this source (Petr Kristof) http://crash.fce.vutbr.cz/crash-hat/3/clamav/ First of all, I tried to upgrade the installation, but I got the problem, that clamav-milter does not realy start, although I got an OK from the initd. In a second step, I removed everything and installed again. But still the same problem: /etc/init.d/clamav-milter status clamav-milter dead but subsys locked. clamd seems to run properly. Finally, I eliminated daemon in /etc/init.d/clamav-milter and suddenly ;-) everything seems to work fine. The only thing is, that I do not recieve an OK-message after success. 2. The other problem is, that the daily update seems to terminate with an error. /var/log/clamav/clamd.log Segmentation fault :-( Bye.. Both, the freshclam tasks and zombies of clamd still resident in the process list and will not be eliminated until a restart of clamd. On the other hand, clamd comes up again after this fault every day and works. The mails passing the mailscanner where scanned. I googled for houres, but I didn't found any sollution. Thank you for all help, Ralf This is my configuration file in the moment: ## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## # Comment or remove the line below. #Example # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled LogFile /var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). # This option disables log file locking. # Default: disabled #LogFileUnlock # Maximal size of the log file. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 1M LogFileMaxSize 0 # Log time with each message. # Default: disabled LogTime # Also log clean files. Useful in debugging but drastically increases the # log size. # Default: disabled #LogClean # Use system logger (can work together with LogFile). # Default: disabled LogSyslog # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 #LogFacility LOG_MAIL # Enable verbose logging. # Default: disabled #LogVerbose # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled PidFile /var/run/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). TemporaryDirectory /tmp # Path to the database directory. # Default: hardcoded (depends on installation options) DatabaseDirectory /var/lib/clamav # The daemon works in a local OR a network mode. Due to security reasons we # recommend the local mode. # Path to a local socket file the daemon will listen on. # Default: disabled LocalSocket /var/run/clamav/clamd.sock # Remove stale socket after unclean shutdown. # Default: disabled FixStaleSocket # TCP port address. # Default: disabled #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: disabled #TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 15 MaxConnectionQueueLength 30 # Clamd uses FTP-like protocol to receive data from remote clients. # If you are using clamav-milter to balance load between remote clamd daemons # on firewall servers you may need to tune the options below. # Close the connection when the data size limit is exceeded. # The value should match your MTA's limit for a maximal attachment size. # Default: 10M #StreamMaxLength 20M # Limit port range. # Default: 1024 #StreamMinPort 3 # Default: 2048 #StreamMaxPort 32000 # Maximal number of threads running at the same time. # Default: 10 MaxThreads 50 # Waiting for data from a client socket will timeout after this time (seconds). # Value of 0 disables the timeout. # Default: 120 ReadTimeout 300 # Waiting for a new job will timeout after this time (seconds). # Default: 30 #IdleTimeout 60 # Maximal depth directories are scanned at. # Default: 15 #MaxDirectoryRecursion 20 # Follow directory symlinks. # Default: disabled #FollowDirectorySymlinks # Follow regular file symlinks. # Default: disabled #FollowFileSymlinks # Perform internal sanity check (database integrity and freshness). # Default: 1800 (30 min) #SelfCheck 600 # Execute a command when virus is found. In the command string %v will # be replaced by a virus
RE: [Clamav-users] Two problems running clamav
I would remove clamav completely (check you have no files at all that are related to it anywhere), then do a clean install from source. You claim to have spent hours over the upgrade, yet downloading and building from source will take you no more than a few minutes! ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Zafi worm misidentified as Trojan.Downloader.Small-1004
On Fri, 3 Feb 2006, Diego d'Ambra wrote: I'm investigating this. I believe that signature small-1004 is matching some sort of PE packer/obfuscater and must be updated to avoid detecting unrelated malware. Personally, I'm not as interested in naming the viruses as much as blocking them. If there is a signature that blocks multiple malware, based on some obfuscater that is in common use, this seems like a good thing, since there would be the potential of blocking future malware that uses it before we ever see it. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Zafi worm misidentified as Trojan.Downloader.Small-1004
Christopher X. Candreva wrote: On Fri, 3 Feb 2006, Diego d'Ambra wrote: I'm investigating this. I believe that signature small-1004 is matching some sort of PE packer/obfuscater and must be updated to avoid detecting unrelated malware. Personally, I'm not as interested in naming the viruses as much as blocking them. If there is a signature that blocks multiple malware, based on some obfuscater that is in common use, this seems like a good thing, since there would be the potential of blocking future malware that uses it before we ever see it. The problem arise when someone reports a false positive and the offending signature must be remove (or updated). Then malware that once where detected isn't any longer. If matching packer/obfuscater it must be unique and not used in non-malware. Anyway I'm updating the signature to be equal effective against yesterday's and today's outbreak. Best regards, Diego d'Ambra ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX10.20
When compiling version 0.88 of ClamAV, will version 2.95.2 work, or do I need to upgrade to a newer version of gcc? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaplan, Andrew H. Sent: Thursday, February 02, 2006 9:03 PM To: ClamAV users ML Subject: RE: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX10.20 Hi there -- The version of gcc running on the system is 2.95.2 19991024 (release) From: [EMAIL PROTECTED] on behalf of René Berber Sent: Thu 2/2/2006 8:06 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX 10.20 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: I located the netdb.h file in the /usr/include directory as opposed to the /usr/local directory. When I checked out its contents, the line that contained the text HOST_NOT_FOUND appeared to be commented out. Here is the syntax of that line: #define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ This is a correct definition. It's not surrounded by #if ... #fi, is it? If the file needs to be located in /usr/local, can a symbolic link be created in /usr/local that points to /usr/include? No, that was my mistake, I wrote the wrong path. Now back to the original problem, why are those warnings appearing? Looking at the code the warning means that h_errno cannot take the value HOST_NOT_FOUND, h_errno is also defined in netdb.h just above the define. I can't see how the compiler determined that this part of the code is supposed to be unreachable (it really is reachable). That's two strange thing with the compilation, where is the -Werror? and why the compiler mistakenly thinks that some part of the code is unreachable? Perhaps I can think of something later. What version is your gcc? (i.e. gcc --version) - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPirKAACgkQL3NNweKTRgz7oACg3wkezPfHa1zSMnWpI8E51pNw fLAAn22NXbnGpBo8SQAS5tdNYdYMGAcn =/70i -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX10.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaplan, Andrew H. wrote: When compiling version 0.88 of ClamAV, will version 2.95.2 work, or do I need to upgrade to a newer version of gcc? It should work, the manual says you can use versions 2.9.x and 3.x; but if I where having your problem, I'll give it a try (the easy way: download a precompiled version of just the c/c++ part of gcc, what's that site in Canada with all the packages for HP-UX? I haven't used HP-UX in a while...) - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iEYEARECAAYFAkPjl6wACgkQL3NNweKTRgyQrQCggXcb/UeW2s0/b8t76lzwJNcf 0GgAoLBqO6685/RJdNmK+0zuQeVGHg7Q =qlcI -END PGP SIGNATURE- ___ http://lurker.clamav.net/list/clamav-users.html
Re: Re: Re :Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird
Hi guys, Hi James -- Snip -- Ok, Lets start again. (1) Is the mail being stored on a samba share? Eg: Thunderbird getting mail and putting it in mail-boxes that are on the server share. yes, exactly Internet- desktop + Norton Anti-virus --- samba share ( Linux + Clamav + Vscan-daemon) (2) Do you get any improvement if you temporarily turn off the samba-vscan? Just trying to see if this is with samba-vscan or the Thunderbird client itself. no improvement...8( a) with max file size = 0 scan on open = yes scan on close = yes exclude file types = Thunderbird# clamdscan Thunderbird: OK --- SCAN SUMMARY --- Infected files: 0 Time: 116.681 sec (1 m 56 s) b) with max file size = 10485760 scan on open = no scan on close = yes exclude file types = text/x-mail Thunderbird# Thunderbird: OK --- SCAN SUMMARY --- Infected files: 0 Time: 116.737 sec (1 m 56 s) All tests above took 100% of CPU . Thunderbird# du -hs 117M Is this normal??? (3) Try lowering the max file size option. samba-vscan does have a performance hit associated with it. see above ... (4) Try excluding the mail-box files from being scanned. Thunderbird like almost all email clients, won't like the mail-box files disappearing on them. Had this problem many times especially with outlook. inserting exclude file types = text/x-mail at vscan-samba.conf makes clamav runs like a charm. Is this the real option??? I'm not confident about it.. You don't need to scan twice; especially if you already have clamav-milter installed and running. yes just having Norton at desktop and Clamav at Samba gave us piece of mind that I'm trying to have it again...8)) BTW sometimes clamav capture some virus that Norton let it pass through.8) Thanks in advanced Let me know, James Kosin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4lzskNLDmnu1kSkRAniWAJ4hAH4tsDH7qFlpDiHhzer6nC990ACeIdyT nKe7uo9O5yKDTZDbSBGGQJY= =teFj -END PGP SIGNATURE- -- Scanned by ClamAV - http://www.clamav.net -- Paulo Ricardo Bruck - consultor signature.asc Description: Esta é uma parte de mensagem assinada digitalmente ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX10.20
René Berber spake thusly on Fri, Feb 03, 2006 at 11:49:32AM -0600: It should work, the manual says you can use versions 2.9.x and 3.x; but if I where having your problem, I'll give it a try (the easy way: download a precompiled version of just the c/c++ part of gcc, what's that site in Canada with all the packages for HP-UX? I haven't used HP-UX in a while...) --- end quoted text --- Here's a HP-UX porting center in the UK: http://hpux.connect.org.uk/ -- Did this email or post help you? If so, please rate me at affero: http://rate.affero.net/RhunDraco pgphV11QlReJa.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX10.20
Andrew, Let's step back a minute have you ever been able to compile ANY version of ClamAV on your 10.20 machine? Or, is this your first attempt? It does not look like ClamAV is one of the packages that hpux.connect.org.uk has ported. Jeff D ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX10.20
Hi there -- My predecessor was able to install version 0.75 onto the system in question. He compiled and installed from source. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Donsbach Sent: Friday, February 03, 2006 6:39 PM To: ClamAV users ML Subject: Re: [Clamav-users] Re: Problem Upgrading to version 0.88 on HP-UX10.20 Andrew, Let's step back a minute have you ever been able to compile ANY version of ClamAV on your 10.20 machine? Or, is this your first attempt? It does not look like ClamAV is one of the packages that hpux.connect.org.uk has ported. Jeff D ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html