Hi
Im using qmail-scanner to run clamav.
I just updatet the clamav-0.67-1.
And now i get this error when qmail-scanner runs the clamscan:
LibClamAV Error: readdb(): Malformed pattern line 14312 (file
/var/spool/qmailscan/tmp/newsant.com107778169446412059/e96db5fd6c3d09cb/viruses.db).
LibClamAV
I am running freshclam every hour (and it was also running at 05:00
exactly).
This is not a request/advice to the author of that message particularly,
but a general one.
Please don't all run freshclam at sharp hours (hh:00). It cause
unneeded peaks of load on database servers. It also makes
Jason wrote:
Traffic will be around 10-15,000 emails sent and received daily.
Couple of questions about ClamAV.
Can someone give me a run down on stability of ClamAV? Is it pretty much
just set it up and let it run? Reliability? Performance. A daemonized
version of software was very
Hi,
Can anyone tell me why the virus names within ClamAV are different from ones
from other virus vendors?
For example, W32.Netsky.B (as called by Sophos, McAfee etc.) is detected and
named Worm.Somefool by ClamAV.
Thanks,
Andrew McCall
On Thu, 26 Feb 2004 10:49:44 +, Andrew McCall wrote:
For example, W32.Netsky.B (as called by Sophos, McAfee etc.) is detected and
named Worm.Somefool by ClamAV.
When description for Worm.SomeFool (W32.Netsky.A) was added to
clamav, no another scanner recognised it at the time,
Mike Brodbelt wrote:
I've just come across a core dump generated by clamav-milter 0.67d from
CVS, that occurred during one of it's problem periods. Before I delete
it, would it hbe of any use to any of the developers?
Mike.
Core dumps are _always_ a valuable resource when it comes to bug
On Thu, 26 Feb 2004, Andrew McCall wrote:
Hi,
Can anyone tell me why the virus names within ClamAV are different from ones
from other virus vendors?
For example, W32.Netsky.B (as called by Sophos, McAfee etc.) is detected and
named Worm.Somefool by ClamAV.
There is no organized naming
Would you rather have a prompt and timely detection of new viruses or wait
for a committee to decide a common name?
Your call.
Cheers,
Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-Original Message-
From: [EMAIL
On Thu, 2004-02-26 at 18:33, Nigel Horne wrote:
From: [EMAIL PROTECTED]
It fails and leaves me with this error in my /var/log/messages
Feb 26 14:50:45 xcon5 clamav-milter: ClamAv: Unable to bind to port
/var/run/clmilter.sock: Address already in use
Try adding FixStaleSocket in
On Thu, 26 Feb 2004, Mike Brodbelt wrote:
; Jason wrote:
; Couple of questions about ClamAV.
; Can someone give me a run down on stability of ClamAV? Is it pretty much
; just set it up and let it run? Reliability? Performance. A daemonized
; version of software was very important to me, that
On Thu, 26 Feb 2004 at 13:55:53 -, Chris Evans wrote:
amavisd-new-20030616-p7 (Debian)
clamav 0.67-1 (from Debian stable -- I think)
One interesting discovery I've made setting up amavisd-new and
clamav. Amavisd-new seems to expect to find the clamd.ctl socket at
/var/run/clamd.ctl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
has anyone noticed any problems with clamd leaking memory? I've installed the
rpm from crash-hat and it seems to be chewing up my swap quickly. I
uninstalled that and built from source and it does the same thing, just a bit
slower. I'll have to
On Thu, 2004-02-26 at 11:42, Philipp Grosswiler wrote:
Shortly after starting clamd again, it crashed once again with the same
problem: segmentation fault!
It's likely that a file it is scanning is causing the failure. Would it
be possible to isolate which file(s) it is scanning at the time?
Hello all,
When I try to start the clamav-milter under sendmail on my BSD box I get the
following error..
*** Unable to bind to port /var/run/clmilter.sock: Address already in use
Marc S. Brooks
Programmer/Systems Admin
975 Andreasen
Escondido, CA 92029
760-740-2625 ph
760-740-2643 fx
On Thu, 26 Feb 2004, Michael St. Laurent wrote:
That's interesting. Would you be willing to share more details of your
setup and how it all works? Is this MailScanner you're talking about?
Sure. Here are the main parts of my setup :
First my script to restart clamd from cron if it should
Jesper Juhl mailto:[EMAIL PROTECTED] wrote:
With my setup it goes into a queue, but only if no scanner at all is
available. If clamd dies my setup falls back on using clamscan which
is slower and causes mail to queue up, but it's better than letting it
through unscanned.
It has only
Nothing like replying to yourself eh? :)
Well I found a source of the problem...
seems I'm running out of file descriptors. When I do a: lsof -p pid of
clamd |wc -l I'm getting over 1000. I happened to catch it when it got
up to 1000 (it is happening right now, well by the time I wrote this it
On Thu, 26 Feb 2004, John Jolet wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have a question about thatis it documented anywhere how to get clamd
integrated into postfix? all i could find was instructions on doing it via
amavisd-new, so that's the road i've started down,
On Thu, 2004-02-26 at 04:41, Peter McCreath wrote:
Thanks, but yes i run freshclam via a cron job.
The strange thing is that running clamdscan on a mesg
will detect the eicar zip test, but clamd still lets
this through.
Did you un-comment scanmail in the clamav.conf?
Post your conf file
On Thu, 2004-02-26 at 15:23, Michael St. Laurent wrote:
That's interesting. Would you be willing to share more
details of your setup and how it all works? Is this
MailScanner you're talking about?
I have a similar setupmy configs are here:
http://mikecathey.com/postfix-cyrus-amavis/
On Thu, 26 Feb 2004, jef moskot wrote:
On Thu, 26 Feb 2004, Jesper Juhl wrote:
...I have setup a cron job to monitor it every 5 minutes and start it up
again if it should happen again - so, that way I should only be relying
on clamscan for a maximum of 5min which is not a problem.
Ah,
Thomas Lamy wrote:
Mike Brodbelt wrote:
I've just come across a core dump generated by clamav-milter 0.67d from
CVS, that occurred during one of it's problem periods. Before I delete
it, would it hbe of any use to any of the developers?
Mike.
Core dumps are _always_ a valuable resource
Hi,
When using latest snapshots compiled with :
./configure --disable-clamuko --sysconfdir=/etc
I get the following error msg when starting clamd
ERROR: Clamuko is not available
0.67 and before never had it...
Greetings, Bas
---
SF.Net
Hello Trog.
It's likely that a file it is scanning is causing the
failure. Would it be possible to isolate which file(s) it is
scanning at the time?
It doesn't seem to be the e-mail it was scanning, or I can't exactly say
which e-mail it was (unfortunately clamd doesn't show much in the
Thanks, but yes i run freshclam via a cron job.
The strange thing is that running clamdscan on a mesg
will detect the eicar zip test, but clamd still lets
this through.
Did you un-comment scanmail in the clamav.conf?
I am a Win32 Clamav user, and clamdscan never scans mail files, as far
On Wed, 2004-02-25 at 19:30, Tomasz Kojm wrote:
On 25 Feb 2004 11:32:20 +0100
Tarjei Knapstad [EMAIL PROTECTED] wrote:
snip
I'm running 0.67-1. Is there any way I can make freshclam recover a
bit more gracefully than just dying? (or is it a bug?)
That's a known issue and will be
John Jolet wrote:
has anyone noticed any problems with clamd leaking memory? I've
installed the rpm from crash-hat and it seems to be chewing up my swap
quickly. I uninstalled that and built from source and it does the
same thing, just a bit slower.
I cannot reproduce that:
vscan 342
John Jolet wrote:
has anyone noticed any problems with clamd leaking memory? I've installed the
rpm from crash-hat and it seems to be chewing up my swap quickly. I
uninstalled that and built from source and it does the same thing, just a bit
slower. I'll have to restart clamd nightly if i
Hello all,
Currently running clamav-0.67 on FreeBSD.
When I try to start the clamav-milter under sendmail using-
/usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock
It fails and leaves me with this error in my /var/log/messages
Feb 26 14:50:45 xcon5 clamav-milter: ClamAv: Unable to bind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have a question about thatis it documented anywhere how to get clamd
integrated into postfix? all i could find was instructions on doing it via
amavisd-new, so that's the road i've started down, but I'd prefer to do it
natively via clamd, if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I bet it does, since yesterday i scanned an email with clamav that our
up-to-date trend micro av on exchange let through :)
i chortled to the exchange admin about it, too.
On Thursday 26 February 2004 11:16 am, Kevin Hanser wrote:
I've recently
On Wednesday 25 February 2004 10:56, Sergey wrote:
That do you think about add options ignore scanning error to clamav-milter ?
Some servers must deliver mail in any case...
Oh, I miss --dont-scan-on-error key, sorry. But problem with write failure to clamd
exist. :-(
Feb 26 22:11:47
On Thu, 26 Feb 2004 12:16:02 -0500
Kevin Hanser [EMAIL PROTECTED] wrote:
I've recently been asked if our virus scanner (clamav) detects the
latest mydoom, Mydoom.F. I've seen other messages on this and the
mailscanner list that indicate that it does, but I've been unable to
confirm it myself
On Thu, 26 Feb 2004 18:04:46 +0100
Ignasi Prat [EMAIL PROTECTED] wrote:
Please forget my previous post. I had a typo error in the scanmail
definition and the function was not activated.
I have now retyped again it works perfect !
The reason is that in Windows default clamav.conf file has
From: [EMAIL PROTECTED]
It fails and leaves me with this error in my /var/log/messages
Feb 26 14:50:45 xcon5 clamav-milter: ClamAv: Unable to bind to port
/var/run/clmilter.sock: Address already in use
Try adding FixStaleSocket in clamav.conf.
Marc S. Brooks
-Nigel
At 11:16 AM 2/26/04, Kevin Hanser wrote:
I've recently been asked if our virus scanner (clamav) detects the latest
mydoom, Mydoom.F. I've seen other messages on this and the mailscanner
list that indicate that it does, but I've been unable to confirm it myself yet.
If I do: sigtool --list-sigs
On Thu, 26 Feb 2004, jef moskot wrote:
On Thu, 26 Feb 2004, Jesper Juhl wrote:
clamd has died on me only once...
Traffic at my site is still low enough that I am just using clamscan.
What happens when clamd dies? Does mail continue to go through unscanned,
or does it start backing up in
everything snipped
When I'm wondering if clamav detects a new virus.
I contemplate going through the clamav-virusdb archive and looking for the
keyword.
But
I'm
Lazy.
You should be lazy too.
So I go here, and search term it.
http://marc.theaimsgroup.com/?l=clamav-virusdbw=2r=1s=q=b
--
Luke
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Philipp
Grosswiler
Sent: Thursday, February 26, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Clamav-users] Segmentation Fault (Again)!
Hello Trog.
It's likely that a file it is scanning is
John Jolet wrote:
I have a question about thatis it documented anywhere how to get clamd
integrated into postfix? all i could find was instructions on doing it via
amavisd-new, so that's the road i've started down, but I'd prefer to do it
natively via clamd, if possible.
AFAIK this is not
On Thu, 26 Feb 2004 18:04:46 +0100
Ignasi Prat [EMAIL PROTECTED] wrote:
Please forget my previous post. I had a typo error in the scanmail
definition and the function was not activated.
I have now retyped again it works perfect !
Hmm... a typo in clamav.conf should prevent clamd from
On Thu, 26 Feb 2004, Jesper Juhl wrote:
...I have setup a cron job to monitor it every 5 minutes and start it up
again if it should happen again - so, that way I should only be relying
on clamscan for a maximum of 5min which is not a problem.
Ah, OK. Well, that doesn't sound too bad at all.
I am a Win32 Clamav user, and clamdscan never scans mail files, as far as
I
tested (and retested today with scanmail uncommented), clamdscan only
detects the same as clamscan without -mbox option.
Please forget my previous post. I had a typo error in the scanmail
definition and the function
On Thu, 26 Feb 2004 at 10:30:43 -0500, jef moskot wrote:
On Thu, 26 Feb 2004, Jesper Juhl wrote:
clamd has died on me only once...
Traffic at my site is still low enough that I am just using clamscan.
What happens when clamd dies? Does mail continue to go through unscanned,
or does it
John Jolet wrote:
has anyone noticed any problems with clamd leaking memory?
Not me.
I've installed the
rpm from crash-hat and it seems to be chewing up my swap quickly.
If this happens to me, I'd try building the latest CVS snapshot. I
suggest you do the same.
I'm running devel-20040203
Title: Message
I've recently been
asked if our virus scanner (clamav) detects the latest mydoom, Mydoom.F.
I've seen other messages on this and the mailscanner list that indicate that it
does, but I've been unable to confirm it myself yet.
If I do: sigtool
--list-sigs | grep -i mydoom
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm going to watch it for a few days and see if it grows. might be a leak in
a shared library on fedora. I'm not too concerned about issuing a restart
each night. This is just a family mail server.
On Thursday 26 February 2004 10:16 am, Ralph
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
clamscan / ClamAV version 0.67
On Thursday 26 February 2004 10:21 am, Thomas Lamy wrote:
John Jolet wrote:
has anyone noticed any problems with clamd leaking memory? I've
installed the rpm from crash-hat and it seems to be chewing up my swap
--- russ [EMAIL PROTECTED] wrote: On Thu,
2004-02-26 at 04:41, Peter McCreath wrote:
Thanks, but yes i run freshclam via a cron job.
The strange thing is that running clamdscan on a
mesg
will detect the eicar zip test, but clamd still
lets
this through.
Did you un-comment
On Thu, 26 Feb 2004 10:49:44 +
Andrew McCall [EMAIL PROTECTED] wrote:
Hi,
Can anyone tell me why the virus names within ClamAV are different
from ones from other virus vendors?
For example, W32.Netsky.B (as called by Sophos, McAfee etc.) is
detected and named Worm.Somefool by ClamAV.
[Apologies if this is a common question, but I've gone through the list
archives and searched for FAQ answer with no luck. This is a common
question on both the procmail and spamassassin lists, and I don't want
to give out bad information on such an important topic.]
Tomasz Kojm wrote:
Same issue, I had .65 binary running, tried re-compiling both .65 and
.67 when it released. clamd just dies and milter connections go thru
the roof...
Feb 26 04:23:52 em1 clamav-milter[4570]: hit max-children limit (300 =
300): waiting for some to exit
Feb 26 04:23:54 em1 clamav-milter[4570]:
On Thursday 26 February 2004 11:21 am, Randal, Phil wrote:
Would you rather have a prompt and timely detection of new viruses or wait
for a committee to decide a common name?
Thats obvious, but if you read my original email, you will notice I wasn't
complaining about it - just asking.
On Thu, 26 Feb 2004, Philipp Grosswiler wrote:
clamav-devel-20040224
Linux version 2.4.21-166-smp4G ([EMAIL PROTECTED]) (gcc version 3.3.1 (SuSE
Linux)) #1 SMP Fri Dec 19 15:43:30 UTC 2003
I was compiling from the CVS source distribution at clamav.net.
I have reviewed alle paths to
Please forget my previous post. I had a typo error in the scanmail
definition and the function was not activated.
I have now retyped again it works perfect !
Hmm... a typo in clamav.conf should prevent clamd from starting.
Sure ! It failed to start and I assumed that scanmail was not suported
Hello Jim.
That is an _incredibly_ high spam score. I've never seen over 30.
If you have a blacklist set up, you will always get a score of 100 plus the
usual scores :) ...
On a more 'relative to the topic' note, logging like that of spamd
would be quite nice. :)
Yes, that's what I would
56 matches
Mail list logo
