Re: [Clamav-users] debian / new database format
Donovan Craig wrote: I'm trying to install clamav 0.65-2 with amavis & Exim etc.. I would recommend exiscan + exim instead of amavis + exim. MUCH faster. ---> Setting up clamav-freshclam (0.65-2) ... [snip] Downloading main.cvd [*] ERROR: Verification: MD5 verification error. Giving up... I've tried a few different mirrors in /etc/clamav/freshclam.conf but keep getting the same response. Really? Tried clamav.antispam.or.id yet? I manually deleted my *.cvd, and run freshclam, it's OK. bash-2.03# freshclam ClamAV update process started at Mon Feb 9 13:04:25 2004 Reading CVD header (main.cvd): OK Downloading main.cvd [*] main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] daily.cvd updated (version: 124, sigs: 680, f-level: 1, builder: ccordes) Database updated (20667 signatures) from clamav.antispam.or.id (202.134.0.71). Clamd successfully notified about the update. bash-2.03# freshclam -V freshclam / ClamAV version devel-20040209 When browsing the mirrors, it seems that half of them don't have the main.cvd file at all. My previous version of clamav had .db files instead.. What's the situation with the .cvd files? *.cvd MUST exist in root web (confirmed by Luca). *.cvd entries in database are optional. Most times you wouldn't be able to browse the root dir though. Is there a problem with these at the moment? No. Not general problem. There might be problem on one or two mirrors, haven't check them all. Or is this just the Debian package? Don't know about that. Try bulding from recent snapshot or use my binary on http://clamav.or.id/. My linux binaries should work on Debian. Where does clamav get the md5 checksum to check against? From the cvd files. bash-2.03# sigtool -i main.cvd Build time: 27 Jan 2004 12-31 +0100 Version: 19 # of signatures: 19987 Functionality level: 1 Builder: ddm MD5: 46b4b24055925f69a6d5d7802dbd1479 Digital signature: QwI5dHA0EuDyu+nTowuaUtj30yqEKhpbcV1o5XdkXDiRvqTYowbqh4by/BurpQOPF15XXXODL7b4jY4n9I8Kw/7gdPLwjLgeaqDUA5WRyMtZIlOJFJcCznw/ZYmkk+FQAM9URLmCepwtLZN9uynsUKXdmZE6SVBtk4Dkg//w5Mf Verification OK. Also, I've found that if you have a happy clamav running, then download an update with a bad md5 sum, the application stops when trying to restart. Would it be better to only overwrite the current database if the md5 check is successful, I don't think this is true. It only overwrites the current database if the md5 check is successful. Try verify your current *.cvd with sigtool -i. Haven't investigate further though. Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] debian / new database format
Donovan Craig wrote: Hi, I'm trying to install clamav 0.65-2 with amavis & Exim etc.. on a Debian woody/sarge mixed system. When I go to install clamav, I get the following: ---> Setting up clamav-freshclam (0.65-2) ... Starting database update It takes freshclam ~3min to timeout and try the next mirror in the list ClamAV update process started at Mon Feb 9 16:43:32 2004 Reading CVD header (main.cvd): OK Downloading main.cvd [*] ERROR: Verification: MD5 verification error. Giving up... Starting clamav virus database updater: freshclam . ---> I've tried a few different mirrors in /etc/clamav/freshclam.conf but keep getting the same response. When browsing the mirrors, it seems that half of them don't have the main.cvd file at all. My previous version of clamav had .db files instead.. What's the situation with the .cvd files? Is there a problem with these at the moment? Or is this just the Debian package? Where does clamav get the md5 checksum to check against? Also, I've found that if you have a happy clamav running, then download an update with a bad md5 sum, the application stops when trying to restart. Would it be better to only overwrite the current database if the md5 check is successful, this is especially important when your mail server relies on it to work :-) Thank's. Sorry about all the questions. Regards, Yep, this is a known error. I screwed up the source tree with patching and not thoroughly testing :-( Mea maxima culpa. I found the cause ~8 hours ago and notified Steven Gran immediately, so updated packages should be available soon. Thomas (already knocked down by himself) --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: [AMaViS-user] Configuration file for CLAMAV & AMAVIS-NG
Me Its wrote: When I try to start it manually, I got this error: amavis[7023]: ***EMERG*** AMAVIS: Couldn't init AMAVIS::AV::CLAM: at /usr/share/perl5/AMAVIS.pm line 291. - Original Message - From: "Me Its" <[EMAIL PROTECTED]> Date: Monday, February 9, 2004 8:26 am Subject: [AMaViS-user] Configuration file for CLAMAV & AMAVIS-NG Dear All, I am using Debian Sid and just install both clamav-daemon and amavis- ng. I am using postfix as the MTA and using Courier-IMAP as the MDA. I need help on the sample configuration for both of this. I had tried to configure but it seems like virus is still coming. Thank you Since you are just starting, _please_ use amavisd-new (not ng). It does the job and is very well maintained. Thomas --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] debian / new database format
Hi, I'm trying to install clamav 0.65-2 with amavis & Exim etc.. on a Debian woody/sarge mixed system. When I go to install clamav, I get the following: ---> Setting up clamav-freshclam (0.65-2) ... Starting database update It takes freshclam ~3min to timeout and try the next mirror in the list ClamAV update process started at Mon Feb 9 16:43:32 2004 Reading CVD header (main.cvd): OK Downloading main.cvd [*] ERROR: Verification: MD5 verification error. Giving up... Starting clamav virus database updater: freshclam . ---> I've tried a few different mirrors in /etc/clamav/freshclam.conf but keep getting the same response. When browsing the mirrors, it seems that half of them don't have the main.cvd file at all. My previous version of clamav had .db files instead.. What's the situation with the .cvd files? Is there a problem with these at the moment? Or is this just the Debian package? Where does clamav get the md5 checksum to check against? Also, I've found that if you have a happy clamav running, then download an update with a bad md5 sum, the application stops when trying to restart. Would it be better to only overwrite the current database if the md5 check is successful, this is especially important when your mail server relies on it to work :-) Thank's. Sorry about all the questions. Regards, Donovan Snapfrozen Solutions"I may have invented control-alt-delete, http://www.snapfrozen.com but Bill Gates made it really famous." Ph: 03 59 615 715 - David Bradley, Inventor of Ctrl+Alt+Del Mob: 0414 666 518 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd monitoring?
Erik Bourget wrote: It's really not an alternative, but an addition. Why? With entry in crontab */1 * * * * root /usr/local/bin/clamdwatch.pl -q && ( /usr/bin/killall -9 clamd; rm -fr /var/amavis/clamd; /etc/init.d/clamav-daemon start 2>&1 ) Wouldn't it be the same as checking clamd every minute and restarting it as necessary? Isn't that what daemontools do? Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd monitoring?
Mike Cathey wrote: under daemontools) could restart it. Does anybody have a clean way to detect clamd failure and kill it if it happens? http://mikecathey.com/code/clamdwatch/ I'd love more feedback on it. ;) Neat. I'll try it. I suggest you ask Luca to add this script (or link) on ClamAV's web page as an alternative to daemontools on clamd-supervised. Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: making clamav on solaris {Scanned}
Andy Fiddaman wrote: On Sun, 8 Feb 2004, Nikolaj Wicker wrote: ; i 've got to reply to myself ... ; i found my mistake: under sunos 5.9 per default /usr/bin/id is being ; used which doesn't understand -u (-a will be the choice). another ; option is to use /usr/xpg4/bin/id which can deal with "-u". (This is from database/Makefile .. (@if test `id -u` -eq 0 && ...) Yes, but this depends on the SUNWxcu4 package being installed which it isn't on our servers here. I'm not sure what the long term supported status of the XPG4 utilities is (Sun haven't made any 64-bit binary versions available yet) so it may be better to stick to the standard (/usr/bin) utilities. I use GNU id (sh-utils) 2.0.15 from sunfreeware.com. Works. Although I agree that it would be better if standard utilities work as well. Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd monitoring?
Erik, On Sat, 2004-02-07 at 21:31, Erik Bourget wrote: > I've got clamd processing a ton of mail, it does a good job not crashing > these days (cvs as of a week or so ago), but the new problem is as bad or > worse - the hanging. At least when it crashed, supervise (I'm running it > under daemontools) could restart it. Does anybody have a clean way to detect > clamd failure and kill it if it happens? http://mikecathey.com/code/clamdwatch/ I'd love more feedback on it. ;) Cheers, Mike --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: [AMaViS-user] Configuration file for CLAMAV & AMAVIS-NG
When I try to start it manually, I got this error: amavis[7023]: ***EMERG*** AMAVIS: Couldn't init AMAVIS::AV::CLAM: at /usr/share/perl5/AMAVIS.pm line 291. - Original Message - From: "Me Its" <[EMAIL PROTECTED]> Date: Monday, February 9, 2004 8:26 am Subject: [AMaViS-user] Configuration file for CLAMAV & AMAVIS-NG > Dear All, > > I am using Debian Sid and just install both clamav-daemon and > amavis- > ng. I am using postfix as the MTA and using Courier-IMAP as the MDA. > > I need help on the sample configuration for both of this. > > I had tried to configure but it seems like virus is still coming. > > Thank you > > > > --- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > ___ > AMaViS-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinf > AMaViS-FAQ:http://www.amavis.or > AMaViS-HowTos:http://www.amavis.org/howto/ > --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Fwd: Re: [Clamav-users] clamav info-site (WAS: Accessing the virus-db via php or perl)
Since I sent from the wrong address and the "moderator" killed it as always (why have a moderator if you're always going to kill the messages days later without regard to their merit??? Why not just bounce/reject them immediately???) here's the repost... Eric - Forwarded message from [EMAIL PROTECTED] - Date: Sat, 7 Feb 2004 13:35:04 -0600 From: Eric Rostetter <[EMAIL PROTECTED]> Reply-To: Eric Rostetter <[EMAIL PROTECTED]> Subject: Re: [Clamav-users] clamav info-site (WAS: Accessing the virus-db via php or perl) To: [EMAIL PROTECTED] Quoting Luc de Louw <[EMAIL PROTECTED]>: > I'm on the way to build up a multilanguage info site about clamav and > the viruses known by clamav. The code is in PHP and the license will be GPL Sounds great! > Right now implemented: (almost nothing) > > - GNU gettext i18n Since you are just starting still, you might want to think about using a framework like Horde (www.horde.org) for this. I'd bet the horde project would welcome such a module (though ultimately probably wanting to extend it to use any virus product and not just clamav). In fact, as I'm part of the Horde project, I'd be willing to not only try to help getting it into horde, but also help you with setup and coding and so on... > - import of sigtool -u in a MySQL|PostgreSQL Database Great (and thanks for including pgsql and not just mysql). > - Tracking of new Database inputs > - Form to enter additional information what a particular virus is doing > (Password protected, authorized users only?) It would be great if you could have: 1) Authoritive/authenticated users add content which would be shown as authoritive 2) Anyone add any non-authoritive info, which would be shown as non-authoritive I'm thinking kind of like the php manual, where there is the authoritive manual part, and then the user added discussions/submissions below it. So, you might have three parts: 1) Info from the clamav database 2) Authoritive info about the virus (description, etc) 3) General discussion (Has anyone seen this in the wild? Anyone know how to clean it from a machine? Here's how we configured our router to stop the DDoS component of this virus... stuff like that). > The goal is actually, that end-users can query a database to check if a > particular virus is allready recognized. That would be job #1. If we could add more info about the virus also, then all the better. > The r/o mailinglist is not very > comfortable for endusers, especially, if they do not speak english. Yes. And that i18n goal kind of goes against the "let anyone add anything" concept, but I still think it would be useful to people even if it wasn't translated, etc. (Or maybe users would translate others postings if they thought they were important enough, etc.) > What are you thinking about my plans? Sounds good. Even as the stand-alone project you propose it sounds great. But I could see it going even further. There is an obvious demand for such a product (just see the mailing list archives). > Luc -- Eric Rostetter The Department of Physics The University of Texas at Austin Why get even? Get odd! - End forwarded message - -- Eric Rostetter --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Configuration file for CLAMAV & AMAVIS-NG
Dear All, I am using Debian Sid and just install both clamav-daemon and amavis- ng. I am using postfix as the MTA and using Courier-IMAP as the MDA. I need help on the sample configuration for both of this. I had tried to configure but it seems like virus is still coming. Thank you --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamd/freshclam reload signal()
What signal will force clamd and freshclam to reload their config and reopen their logfiles? The reason I ask is because I just noticed that killall -HUP clamd that I use in my logrotate script isn't forcing the clamd daemon to reopen its log file by name. Ditto for freshclam. They continue using the already rotated log file (ex, /var/log/clamd.log.1 instead of /var/log/clamd.log). There are numerous possible signals so I figure it would be simpler to just ask. Many thanks. Justin --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bounced messages
On Sun, 08 Feb 2004 10:58:47 -0500 "B.K. DeLong" <[EMAIL PROTECTED]> wrote: > I sent 5 to [EMAIL PROTECTED] and got about 20 more from last night > until this morning. Please don't send sco.a bounces to [EMAIL PROTECTED] / www submission script. Please send them directly to Nigel. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] www.ClamAV.net (\/)\. http://www.clamav.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun Feb 8 19:50:21 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] missing known virus
Hello Carl, Sunday, February 8, 2004, 3:05:56 PM, you wrote: C> I have clamav .65 with milter .60 installed in a sendmail C> system. clamav-milter seems to catch all the files except those in C> .zip files. C> I recieved mydoom in .zip files and it was scanned and tagged C> as clean by clamav-milter so I saved the attachment and scanned it C> with clamscan and it too said it was clean. C> Any suggestions on configs I may have screwed up? C> in my conf i have StreamSaveToDisk, ScanMail, ScanArchive, and ArchiveMaxFileSize 10M If some other scanner detected something in it, please submit the samples at http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi . There are many damaged mydoom/SCO.A arround at the moment. To add a proper signature we need some more samples. -- Best regards, Christophmailto:[EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] missing known virus
Yes mcafee (on my client) says it has mydoom A. As an after thought I unziped it (nice and safely on a linux box) and scanned it with clamscan and it still doesn't recognize it as infected so I will submit the file to the virus form. Carl - Original Message - From: "Thomas Lamy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 08, 2004 9:13 AM Subject: Re: [Clamav-users] missing known virus > Carl wrote: > > > I have clamav .65 with milter .60 installed in a sendmail system. > > clamav-milter seems to catch all the files except those in .zip > > files. > > > > I recieved mydoom in .zip files and it was scanned and tagged as > > clean by clamav-milter so I saved the attachment and scanned it with > > clamscan and it too said it was clean. > > > > Any suggestions on configs I may have screwed up? > > > > in my conf i have StreamSaveToDisk, ScanMail, ScanArchive, and > > ArchiveMaxFileSize 10M > > > So what's the problem? clamav-milter says it's clan and clamscan too. > Is any other scanner saying the zip is infected? > > Thomas > > > > --- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamd.socket perms
why each time clamd start the clamd.socket is created with the following permitions, and how can i change this behaviour? srwxrwxrwx1 clamav clamav 0 Feb 8 18:53 clamd.socket= Thanks --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bounced messages
At 08:25 AM 2/8/2004 +, you wrote: At 07:21 PM 2/7/2004 -0500, Vlad Jebelev wrote: >is there a version of ClamAV that can detect MyDoom/SCO.A virus in bounced >messages? - I've just tried the latest code from CVS and it doesn't seem >to work for bounces still. Got plenty of samples if needed. As always, if you e-mail examples of uncaught bounces to me (not to the list) I'll look into them. I sent 5 to [EMAIL PROTECTED] and got about 20 more from last night until this morning. Thanks. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] making clamav on solaris {Scanned}
hi thomas, see the makefile in database mail:/usr/local/src/clamav-devel$ cd database/ mail:/usr/local/src/clamav-devel/database$ grep id Makefile @if test `/usr/xpg4/bin/id -u` -eq 0 && test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \ -- nikolaj Am 08.02.2004 um 16:14 schrieb Thomas Lamy: Nikolaj Wicker wrote: "make install" aftr successful configure and make yields to this error: test -f /usr/local/share/clamav/viruses.db2 && rm -f /usr/local/share/clamav/viruses.db2 || true id: illegal option -- u Usage: id [-ap] [user] *** Error code 2 make: Fatal error: Command failed for target `install' Current working directory /usr/local/src/clamav-devel/database *** Error code 1 make: Fatal error: Command failed for target `install-recursive' i noticed this error in some earlier versions. i think the makefile should be corrected... i used todays cvs-code. -- Odd.. no "id" command in there. Are you sure you snipped the right parts? I have no solaris machine here... Thomas --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: making clamav on solaris {Scanned}
On Sun, 8 Feb 2004, Nikolaj Wicker wrote: ; i 've got to reply to myself ... ; i found my mistake: under sunos 5.9 per default /usr/bin/id is being ; used which doesn't understand -u (-a will be the choice). another ; option is to use /usr/xpg4/bin/id which can deal with "-u". (This is from database/Makefile .. (@if test `id -u` -eq 0 && ...) Yes, but this depends on the SUNWxcu4 package being installed which it isn't on our servers here. I'm not sure what the long term supported status of the XPG4 utilities is (Sun haven't made any 64-bit binary versions available yet) so it may be better to stick to the standard (/usr/bin) utilities. Probably worth mentioning at this point that the 'whoami' utility isn't standard in core solaris either, that needs the SUNWscpu (SunOS 4.x compatibility utilities) - "who am i | awk '{print$1}'" does the same though. Andy --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] making clamav on solaris {Scanned}
Nikolaj Wicker wrote: "make install" aftr successful configure and make yields to this error: test -f /usr/local/share/clamav/viruses.db2 && rm -f /usr/local/share/clamav/viruses.db2 || true id: illegal option -- u Usage: id [-ap] [user] *** Error code 2 make: Fatal error: Command failed for target `install' Current working directory /usr/local/src/clamav-devel/database *** Error code 1 make: Fatal error: Command failed for target `install-recursive' i noticed this error in some earlier versions. i think the makefile should be corrected... i used todays cvs-code. -- Odd.. no "id" command in there. Are you sure you snipped the right parts? I have no solaris machine here... Thomas --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] missing known virus
Carl wrote: I have clamav .65 with milter .60 installed in a sendmail system. clamav-milter seems to catch all the files except those in .zip files. I recieved mydoom in .zip files and it was scanned and tagged as clean by clamav-milter so I saved the attachment and scanned it with clamscan and it too said it was clean. Any suggestions on configs I may have screwed up? in my conf i have StreamSaveToDisk, ScanMail, ScanArchive, and ArchiveMaxFileSize 10M So what's the problem? clamav-milter says it's clan and clamscan too. Is any other scanner saying the zip is infected? Thomas --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: making clamav on solaris {Scanned}
uuupps! i 've got to reply to myself ... i found my mistake: under sunos 5.9 per default /usr/bin/id is being used which doesn't understand -u (-a will be the choice). another option is to use /usr/xpg4/bin/id which can deal with "-u". sorry -- nikolaj Am 08.02.2004 um 15:31 schrieb Nikolaj Wicker: "make install" aftr successful configure and make yields to this error: test -f /usr/local/share/clamav/viruses.db2 && rm -f /usr/local/share/clamav/viruses.db2 || true id: illegal option -- u Usage: id [-ap] [user] *** Error code 2 make: Fatal error: Command failed for target `install' Current working directory /usr/local/src/clamav-devel/database *** Error code 1 make: Fatal error: Command failed for target `install-recursive' i noticed this error in some earlier versions. i think the makefile should be corrected... i used todays cvs-code. -- nikolaj --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] making clamav on solaris {Scanned}
"make install" aftr successful configure and make yields to this error: test -f /usr/local/share/clamav/viruses.db2 && rm -f /usr/local/share/clamav/viruses.db2 || true id: illegal option -- u Usage: id [-ap] [user] *** Error code 2 make: Fatal error: Command failed for target `install' Current working directory /usr/local/src/clamav-devel/database *** Error code 1 make: Fatal error: Command failed for target `install-recursive' i noticed this error in some earlier versions. i think the makefile should be corrected... i used todays cvs-code. -- nikolaj --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] missing known virus
I have clamav .65 with milter .60 installed in a sendmail system. clamav-milter seems to catch all the files except those in .zip files. I recieved mydoom in .zip files and it was scanned and tagged as clean by clamav-milter so I saved the attachment and scanned it with clamscan and it too said it was clean. Any suggestions on configs I may have screwed up? in my conf i have StreamSaveToDisk, ScanMail, ScanArchive, and ArchiveMaxFileSize 10M Carl [EMAIL PROTECTED] http://www.red-dragon2.com http://www.server-resources.com --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] installation problem - important
Tanmaya Anand wrote: hi all , I am a new to clamav. I am using linux 7.1 on a PIII machine. When i try the command ./configure --sysconfdir=/etc I get the following message *checking for C compiler default output... configure: error: C compiler cannot create executables * Are you sure your gcc is working? You could also try my precompiled build which sould work on RH 7.1 http://clamav.or.id/snapshot/clamav-devel-latest.linux-libc-2.2.5.tar.gz Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] installation problem - important
Tanmaya Anand wrote: hi all , Hi! I am a new to clamav. Welcome! I am using linux 7.1 on a PIII machine. There is no such thing as "Linux 7.1". There exist at least SuSE Linux 7.1 and RedHat Linux 7.1, but these differ a lot (and SuSE dropped support for 7.1 a year ago). I don't want to be offendive here. Really. There's a good chance you receive helpful answers if you precisely describe the circumstances: - OS Version/Distribution If you're compiling from source: - Source version (eg full name of the tarball and where you got it from, or date of latest ChangeLog entry if you're compiling from CVS) If you're using a prebuilt binary: - Exact version information (eg output from "clamscan --version" or "clamav-milter --version") - What type and version of binary distribution used (rpm, deb, ...) and where you downloaded it from - exact error message and commandline which produced it This is not offendive, but a mere line-up of what we need to help. This _has_ to be posted every now and then. But on to your problem: When i try the command ./configure --sysconfdir=/etc I get the following message *checking build system type... ./config.guess: line 1: 16810 Aborted (core dumped) ( $c $dummy.c -c -o $dummy.o ) >/dev/null 2>&1 ./config.guess: line 1: 16813 Aborted (core dumped) ( $c $dummy.c -c -o $dummy.o ) >/dev/null 2>&1 This is definitely _not_ related to clamav. GCC core dumps are usually related to a bug in gcc itself, or (more likely) due to faulty RAM. You may want to try memtest86 (it's on all SuSE cd's since 7.x, don't know if/how other vendors ship it). Kind Regards, Thomas --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd monitoring?
On Sun, 2004-02-08 at 08:12, Erik Bourget wrote: > >>I've got clamd processing a ton of mail, it does a good job not crashing > >>these days (cvs as of a week or so ago), but the new problem is as bad or > >> worse - the hanging. > >> > > Additional tidbit: > > When clamd is normally running, pstree shows me: > > clamd --- clamd --- clamd > It looks like the known clamd brokenness. A new version is currently under testing, and I'm hoping it'll be integrated into CVS early next week. -trog --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] installation problem - important
hi all , I am a new to clamav. I am using linux 7.1 on a PIII machine. When i try the command ./configure --sysconfdir=/etc I get the following message checking build system type... ./config.guess: line 1: 16810 Aborted (core dumped) ( $c $dummy.c -c -o $dummy.o ) >/dev/null 2>&1./config.guess: line 1: 16813 Aborted (core dumped) ( $c $dummy.c -c -o $dummy.o ) >/dev/null 2>&1i686-pc-linux-gnuchecking host system type... i686-pc-linux-gnuchecking target system type... i686-pc-linux-gnucreating target.h - canonical system defineschecking for a BSD-compatible install... /usr/bin/install -cchecking whether build environment is sane... yeschecking for gawk... gawkchecking whether make sets ${MAKE}... yeschecking for gawk... (cached) gawkchecking for gcc... gccchecking for C compiler default output... configure: error: C compiler cannot create executables config.log is attached with the mail Plz reply at the earliest. Thanks in advanceTanmaya config.log Description: Binary data
[Clamav-users] documentaion
greeting first of all i would like thanks to all whom contribute clamav. I got some question whitch is not not quite well documented. I used clamav 0.60 before 0.65 and i have this question. In clamav 60 i did read somewhere in documentation(pdf), that it can refuse SMTP session if it detect virus in message. And it realy worked like that. I use clamav with qmail-scanner. So client could not even queue his message on server, mail got copied into /var/spool/qmailscan/quarantine but it were not loged in /var/spool/qmailscan/quarantine.txt. Only messsages whitch has been filtered by qmail-scanner was reported in that log file. Virus were reported by clamd in /var/log/clamd.log Is it possible to setup clamav to refuse viruses, but still log them into /var/spool/qmailscan/quarantine.txt. Or at least refuse them as clamav .60 did. i do run clamd and qmail-scanner run clamdscan thanks for any advise regards tomas ___ E-mailova schranka stale po ruce - kdykoliv, kdekoliv. Eurotel Vam nabizi moznost prijimat a odesilat e-maily primo z mobilniho telefonu bez pouziti pocitace. Ted levnejsi nez SMS! Vice na http://adsweb.tiscali.cz/eurotel.html --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamav-milter
Hello All, I had a problem, clamav-milter doesn't close some threds and, once a day, die. I did some changes in clamav-milter source, and it seems that it work more stable now. But I'm too lazy to do a patch or something, and I deleted a lot of lines, that I not using. That's why I attach what I did to this letter, maybe it will be useful to somebody... P.S. sorry for bad english. -- Best regards, Dimamailto:[EMAIL PROTECTED] clamav-milter.tgz Description: application/compressed
Re: [Clamav-users] clamd monitoring?
Erik Bourget wrote: these days (cvs as of a week or so ago), but the new problem is as bad or worse - the hanging. Additional tidbit: When clamd is normally running, pstree shows me: clamd --- clamd --- clamd When it is hung, I see only clamd --- clamd I don't get it. What do you mean by "hung" anyway? e.g is it : - not accepting connections - consume enormous amount of resource and make system very slow How about this config file? LocalSocket /var/run/clamd.ctl Foreground ScanArchive ScanMail DatabaseMirror database.clamav.net StreamSaveToDisk ArchiveMaxRecursion 5 ArchiveMaxFiles 1000 ArchiveMaxFileSize 10M ThreadTimeout 180 MaxThreads 5 MaxConnectionQueueLength 15 PidFile /var/run/clamd.pid DataDirectory /var/lib/clamav/ SelfCheck 3600 Should work. Although personally I'd disable ScanMail, and let external unpacker do the work. Then again, on my system the mail queue format is not standard mbox format, thus clamd and clamscan --mbox was never able to pick up attachments anyway. No Log whatsoever? I would recommend adding LogVerbose, LogTime, LogFile, and LogFileMaxSize 0. Then see what the log file says. What OS and ClamAV version are you using? regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bounced messages
Vlad Jebelev wrote: is there a version of ClamAV that can detect MyDoom/SCO.A virus in bounced messages? - I've just tried the latest code from CVS and it doesn't seem to work for bounces still. Got plenty of samples if needed. Could you make the sample available online? I would like too see it too. I use external unpacker (exiscan) to extract attachements. As long as exiscan unpacker works, ClamAV should detect the virus. Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bounced messages
At 07:21 PM 2/7/2004 -0500, Vlad Jebelev wrote: >is there a version of ClamAV that can detect MyDoom/SCO.A virus in bounced >messages? - I've just tried the latest code from CVS and it doesn't seem >to work for bounces still. Got plenty of samples if needed. As always, if you e-mail examples of uncaught bounces to me (not to the list) I'll look into them. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd monitoring?
"Fajar A. Nugraha" <[EMAIL PROTECTED]> writes: > Erik Bourget wrote: > >>I've got clamd processing a ton of mail, it does a good job not crashing >>these days (cvs as of a week or so ago), but the new problem is as bad or >> worse - the hanging. >> > I use recent snapshot to handle lots of mail (for over 1 million > users). AFAIK, It hasn't hang, nor crashed. > How do you set up your clamav.conf? Did you disable timeout, archive size > limit, etc? > > The default config file should work fine. Additional tidbit: When clamd is normally running, pstree shows me: clamd --- clamd --- clamd When it is hung, I see only clamd --- clamd How about this config file? LocalSocket /var/run/clamd.ctl Foreground ScanArchive ScanMail DatabaseMirror database.clamav.net StreamSaveToDisk ArchiveMaxRecursion 5 ArchiveMaxFiles 1000 ArchiveMaxFileSize 10M ThreadTimeout 180 MaxThreads 5 MaxConnectionQueueLength 15 PidFile /var/run/clamd.pid DataDirectory /var/lib/clamav/ SelfCheck 3600 and this daemontools run script: #!/bin/sh exec 2>&1 killall -9 clamd rm -f /var/run/clamd.* exec softlimit -m 6000 \ clamd Thanks, Erik --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav daemon
Gareth wrote: now, but want to try using the daemon instead. I've looked at Page 7 in the ClamAV PDF, and found I need to edit /etc/clamav.conf, but this file doesn't even exist in my /.etc directory, nor anywhere on my system. Perhaps the documentation is outdated ... What ClamAV version are you using? Try /usr/local/etc. If you still can't find it, try rebuilding from recent snapshot/CVS. If you still can't get it to work, try my precompiled linux build on http://clamav.or.id/. This build should work out-of-the-box, running as user root (you can change it). Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd monitoring?
Erik Bourget wrote: Hello; I've got clamd processing a ton of mail, it does a good job not crashing these days (cvs as of a week or so ago), but the new problem is as bad or worse - the hanging. I use recent snapshot to handle lots of mail (for over 1 million users). AFAIK, It hasn't hang, nor crashed. How do you set up your clamav.conf? Did you disable timeout, archive size limit, etc? The default config file should work fine. Regards, Fajar A. Nugraha --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users