Re: [Clamav-users] Complexity limit on (custom) signatures?
On Sat, Oct 28, 2006 at 04:28:47PM -0700, Dennis Peterson wrote: I don't get it.. unless you have some big honeypot, maybe 5% of traffic contain small images to be OCRd. If your server can't handle that, I guess it's running out of juice anyway. :) You can even easily create separate scanning queue for OCR, so it doesn't interfere with normal traffic. You may have missed that I'm in the image industry - a great deal of what we do is imagery including imagery with text in it, and as we have to scan all images over a particular size, it would require more cpu than is worth it. Ok that's fair. But you probably meant: scan everything _under_ SpamAssassin scan size. That's only whole messages less than ~256kB to be scanned by default in most software. I guess if you get images from all over, you can't whitelist etc then. Cheers, Henrik ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Complexity limit on (custom) signatures?
Henrik Krohns wrote: On Sat, Oct 28, 2006 at 04:28:47PM -0700, Dennis Peterson wrote: I don't get it.. unless you have some big honeypot, maybe 5% of traffic contain small images to be OCRd. If your server can't handle that, I guess it's running out of juice anyway. :) You can even easily create separate scanning queue for OCR, so it doesn't interfere with normal traffic. You may have missed that I'm in the image industry - a great deal of what we do is imagery including imagery with text in it, and as we have to scan all images over a particular size, it would require more cpu than is worth it. Ok that's fair. But you probably meant: scan everything _under_ SpamAssassin scan size. That's only whole messages less than ~256kB to be scanned by default in most software. I guess if you get images from all over, you can't whitelist etc then. Lemme run it past you one more time - images are money in my world. I can't make mistakes. The right image is worth millions of dollars. Blocking such an image is something that's going on my resume'. Nobody knows where the next big image is coming from, so the rule is caution, caution, caution. It does not apply to everyone, certainly. I envy others who can bitch slap image spam vendors with little regard. That would be cool. I can't do it. I know how but don't dare. It's probably why I get pissy :) dp ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav-milter dies after update by freshclam
ClamAV version - snapshot 20061026 (also testing v0.90RC1.1) OS - Solaris 5.9 (with updated zlib v1.2.3, gcc v3.4.0) I have a problem with clamav-milter: it's die when freshclam gots errors. freshclam log: -- Received signal: wake up Max retries == 3 ClamAV update process started at Fri Oct 27 16:26:24 2006 Querying current.cvd.clamav.net TTL: 900 Software version from DNS: 0.88.5 main.cvd version from DNS: 40 main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm) daily.cvd version from DNS: 2116 Retrieving http://db.RU.clamav.net/daily-2115.cdiff Trying to download http://db.RU.clamav.net/daily-2115.cdiff (IP: 62.181.41.8) Downloading daily-2115.cdiff [100] cdiff_apply: Parsed 10 lines and executed 10 commands Retrieving http://db.RU.clamav.net/daily-2116.cdiff Trying to download http://db.RU.clamav.net/daily-2116.cdiff (IP: 62.181.41.8) Downloading daily-2116.cdiff [*] ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed ERROR: getpatch: Can't apply patch WARNING: Removing incremental directory daily.inc WARNING: Incremental update failed, downloading complete database Retrieving http://db.RU.clamav.net/daily.cvd Trying to download http://db.RU.clamav.net/daily.cvd (IP: 62.181.41.8) Downloading daily.cvd [100] daily.cvd updated (version: 2116, sigs: 10401, f-level: 8, builder: ccordes) Database updated (74539 signatures) from db.RU.clamav.net (IP: 62.181.41.8) -- Right after that clamav-milter dies. Here is sendmail log: -- Oct 27 16:26:36 bella sendmail[1099]: [ID 801593 mail.error] k9R6QaAT001099: Milter (clamav): local socket name /usr/local/var/run/clamav/clmilter.sock unsafe Oct 27 16:26:36 bella sendmail[1099]: [ID 801593 mail.info] k9R6QaAT001099: Milter (clamav): to error state Oct 27 16:26:36 bella sendmail[1099]: [ID 801593 mail.info] k9R6QaAT001099: Milter: initialization failed, temp failing commands ... and so on ... -- How to correct freshclam (or milter)? Is it bug? Best regards, Michael Isaev ___ http://lurker.clamav.net/list/clamav-users.html