Good day everyone.
Where does the clamd.sock reside? isn't it created automatically? Am
using clamav-0.70
does anyone have a sample copy of filtered_domains file for postfix?
Could I take a look at what it looks like?
Thanks
---
This SF.Net
I'm using clamav 0.70, with clamav-milter 0.70o, under RH 9. It appears to drop
infected mail as it should, but I'm not getting a copy to postmaster or to the
quarantine
address. Nothing is logged in /var/log/clamav/*, and there's no log entry in the
maillog showing that the message was infected.
I got this on two machines today during a manual freshclam:
# freshclam
ClamAV update process started at Wed Apr 21 21:40:47 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd
On Wed, 2004-04-21 at 03:25, Trog wrote:
> Is that file an email? If so, RTFM on clamscan.
Maybe a feature could be if the first 4 bytes match the regex /From/
then clamscan could assume --mbox.
Blue skies... Todd
---
This S
Vincent Aniello wrote:
Quoting Nigel Horne <[EMAIL PROTECTED]>:
I can't reproduce your problem.
Did you do the following: "make distclean; configure ; make
install"?
I upgraded gcc from 2.96 to 3.3.3 and recompiled clamav 0.70. The program
clamav-milter works now.
Thanks.
Although se
Nigel Horne wrote:
On Saturday 17 Apr 2004 5:16 pm, Vincent Aniello wrote:
When I try starting clamav-milter it immediately dies with the message
"Segmentation fault (core dumped)":
[EMAIL PROTECTED] init.d]# /usr/local/sbin/clamav-milter
Segmentation fault (core dumped)
[EMAIL PROTECTED] init.
Hi
When I uncomment the NotifyClamd option I get the following error.
freshclam daemon started (pid=23740)
ClamAV update process started at Thu Apr 22 09:04:05 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:
tkojm)
daily.cvd updated (version: 277, sigs: 951, f-level:
With the upgrade to 0.70 release I tried re-enabling OLE2 scanning with my
clamd + exiscan setup, and I got these error again:
2004-04-21 15:00:25 1BGPlY-0004FD-5J malware acl condition: clamd: ClamAV
returned /var/spool/exim/scan/1BGPlY-0004FD-5J/1BGPlY-0004FD-5J-0.doc:
Unable to open file or
mail1:/usr/src# cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav
co clamav-devel
cvs server: Updating clamav-devel
...
cvs server: Updating clamav-devel/docs/Polish
cvs server: [15:34:49] waiting for nigelhorne's lock
in /cvsroot/clamav/clamav-devel/docs/Polish
cvs server: [15:35:19] waiting for
On Wednesday 21 Apr 2004 10:04 pm, Tom Walsh wrote:
> I know that Tomasz had mentioned that the clamav developers were working
> on the ICAP (i-cap.org) implementation of clamd back in March. I have
> not heard anything about the status of this recently and was curious to
> see where this is at.
>
Pat Masterson wrote:
My internet system gets the realtime signature updates a few times a
day, but I need some internal systems to get the updates. Can I:
-use FTP to copy the database internally?
-make the internet system a database server somehow?
Run a web server on your internet connected syst
On 2004-04-21, Wiltshire, Michael wrote:
># clamdscan -v
>ERROR: Clamd is not configured properly.
>
>This only happens when I uncomment the line below.
>
># TCP port address.
>TCPSocket 3310
Use either LocalSocket or TCPSocket, not both at the same time.
s.
--
(0> Jakub Jankowski [url]: s.a
Title: clamav.conf file
Hi all again,
When I run clamdscan, I get the following error:
# clamdscan -v
ERROR: Clamd is not configured properly.
This only happens when I uncomment the line below.
# TCP port address.
TCPSocket 3310
If I leave it commented, I get this error:
# clamd
I know that Tomasz had mentioned that the clamav developers were working
on the ICAP (i-cap.org) implementation of clamd back in March. I have
not heard anything about the status of this recently and was curious to
see where this is at.
I am really interested in offloading my clamd scanning to a d
On Wed, 21 Apr 2004, Marc Balmer wrote:
> Hi all
>
> I updated a few servers to ClamAV 70rc1. We only use clamd. OS is
> OpenBSD 3.5.
>
> The problem we have: clamd terminates. Seems unstable like the 6x series.
>
> Did anyone succed to use this software in a production environment?
I've had g
Hi all
I updated a few servers to ClamAV 70rc1. We only use clamd. OS is
OpenBSD 3.5.
The problem we have: clamd terminates. Seems unstable like the 6x series.
Did anyone succed to use this software in a production environment?
- Marc Balmer
FYI. This is my last submission to the Mozilla Bugzilla that partially
addresses the needs of newbies who want a user-friendly gui or wizard to
set up and configure everything, requiring the user only to make choices
among easily-understood menu options.
Simply telling newbies to "learn Linux"
Hello,
> I must have missed where you stated this. Sigtool uses a hardcoded database
> directory which is determined at compile time.
Thats what I meant being the "actual state". Why using hardcoded
directories if there is a possibility to change it in the config files?
> You may want to smylin
I attempted to upgrade my ClamAV from 0.68 to 0.70 this morning. 0.68 has
been running flawlessly on Fedora Core 1 patched to reasonably current (I
haven't put the latest kernel on, I'm still at 2.4.22-2174nptl).
The error I get is
Apr 21 10:57:27 sweep sendmail[1539]: i3LEvR8Z001539: SYSERR(r
My internet system gets the realtime signature updates a few times a
day, but I need some internal systems to get the updates. Can I:
-use FTP to copy the database internally?
-make the internet system a database server somehow?
Any suggestions are welcome. -pat
*---
Chan Ho wrote:
thats the problem, i don't really know how should I edit this line.
Check the manpage for freshclam:
--daemon-notify=/path/to/clamav.conf
Notify the daemon about the new database. By default it reads a
hardcoded config file but you can use an another on
On Thu, 22 Apr 2004 02:24:57 +0800, "Chan Ho" <[EMAIL PROTECTED]> wrote:
>thats the problem, i don't really know how should I edit this line.
>
>- Original Message -
>From: "Steven Stern" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, April 22, 2004 12:55 AM
>Subject: Re: [C
On Wed, 2004-04-21 at 20:24, Chan Ho wrote:
> thats the problem, i don't really know how should I edit this line.
well, to be honest .. then i'd suggest to read the "linux" handbook or
learn how to use the editor (whatever editor you choose.
i think you should start first at learning how to use l
On Wed, 21 Apr 2004 11:24:27 +0100
"Ricardo Bernardes" <[EMAIL PROTECTED]> wrote:
> hi
>
> is it possible to stop ClamAV from scanning .zip files?
--disable-archive (clamscan) and comment out ScanArchive in clamav.conf
(disables support for all archive types)
--
oo. Tomasz K
On Wed, 21 Apr 2004 10:48:10 -0600
Jorge Valdes <[EMAIL PROTECTED]> wrote:
> I had a problem with freshclam, I run it in daemon mode and for some
> reason it died. A couple of days passed before I realized this, and
> restarted it. This by itself its not that bad, although my virus
> signatures w
thats the problem, i don't really know how should I edit this line.
- Original Message -
From: "Steven Stern" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 22, 2004 12:55 AM
Subject: Re: [Clamav-users] Newbie need help
On Thu, 22 Apr 2004 00:20:03 +0800, "Chan Ho" <[E
bruce wrote:
we're new to clamav and trying to get a better understanding. we've looked
through the clamav docs and from our understanding, the app appears to be a
mail server oriented spam/virus app. is this pretty much the case..??
Clam's primary target is mail servers, yes.
we're looking for an
Bora wrote:
Peter, I know that mailscanner has documentation for everything except with
qmail, do know where I can find it?
I think these are the guys who added support for qmail to MailScanner,
they package the whole thing also:
http://opencomputing.sourceforge.net/
--
/Peter Bonivart
--Unix lo
When I run clamd using a TCP socket, I can telnet to clamd's port and =
issue commands (like "PING" and "SHUTDOWN").
But how do I issue commands when running clamd with a UNIX (local) =
socket?
--Mike
---
This SF.Net email is sponsored by: IBM
Take a look at clamwin, which uses clamav, and works with Windows.
http://clamwin.sourceforge.net/
Regards,
Shannon
http://www.battcave.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of bruce
Sent: Wednesday, April 21, 2004 11:54 AM
To: [EMAIL PROTECTE
- Original Message -
From: "Virgo Pärna" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 11:00 AM
Subject: [Clamav-users] Re: WORM_SWEN.A undetected
> On Wed, 21 Apr 2004 09:54:35 -0400, Bit Fuzzy <[EMAIL PROTECTED]>
wrote:
> > Hmmm, I wonder why mine didn't
>
Chan Ho said:
> I set my server to download virus db automatically. However, do I
> need to reload it as I see that clamd has the reload command. If so,
> how to do so?
>
>
Chan:
clamd should be checking every hour by default. Look at
/usr/local/etc/calmav.conf for the database integrity check.
On Thu, 22 Apr 2004 00:20:03 +0800, "Chan Ho" <[EMAIL PROTECTED]> wrote:
>I set my server to download virus db automatically. However, do I need to reload it
>as I see that clamd has the reload command. If so, how to do so?
Look at freshclam.conf. Edit the line 'NotifyUpdate'.
--
Steve
hi...
we're new to clamav and trying to get a better understanding. we've looked
through the clamav docs and from our understanding, the app appears to be a
mail server oriented spam/virus app. is this pretty much the case..??
we're looking for an "open source" app that can be used to do
virus/tr
I had a problem with freshclam, I run it in daemon mode and for some reason
it died. A couple of days passed before I realized this, and restarted
it. This by itself its not that bad, although my virus signatures were out
of date. :(
I recently came across monit, a daemon that watches and opt
I set my server to download virus db automatically.
However, do I need to reload it as I see that clamd has the reload command. If
so, how to do so?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Andreas
> Haase
> Sent: Tuesday, April 20, 2004 6:55 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] Problems detecting Worm.SomeFool.Y
>
>
> Hello,
>
> > Have you tried to locate or find *.cvd?
On Wed, 21 Apr 2004 09:54:35 -0400, Bit Fuzzy <[EMAIL PROTECTED]> wrote:
> Hmmm, I wonder why mine didn't
>
I guess, it's up to standard questions - what version, what does
the "sigtool --list-sigs | grep -i gibe" show, checking for incorrect
database path and so on... Having file as example
I have setup a small page for all my (updated) clamav patches for
purposes of convenience.
http://www.jmaimon.com/clamav
(still running ok)
I will stop harassing you all now about this.
Joe Maimon wrote:
>These patches
---
This SF.Net email i
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Kristof
> Petr
> Sent: Wednesday, April 21, 2004 5:02 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] upgrading clamav changes permissions on
> directories?
>
>
> Jim Maul wrote:
>
> >I just upgr
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Trog
> Sent: Wednesday, April 21, 2004 6:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] upgrading clamav changes permissions
> ondirectories?
>
>
> On Wed, 2004-04-21 at 10:58, Dilip M wrote:
Hmmm, I wonder why mine didn't
My server passed it (clamav) but PC running Pc-Cillin caught it
- Original Message -
From: "Virgo Pärna" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 3:41 AM
Subject: [Clamav-users] Re: WORM_SWEN.A undetected
> On Tue, 20 Apr
On Wed, 21 Apr 2004 07:45:53 -0400, "Chalonec Roger" <[EMAIL PROTECTED]>
wrote:
>I am new to Fedora and so new to clamav. Can someone provide me with
>the easiest way to download, install, and run clamav? I am interested
>in protecting inbound ftp file transfers and periodically scanning my
>fed
Tomas Charvat wrote:
try google
qmail-scanner
That's qmail-scanner, a total different scanner.
Mailscanner (http://www.sng.ecs.soton.ac.uk/mailscanner)
supports qmail since Version 4.27.7 (1/3/2004).
So fairly new, and i only see a qmail-queue.zip and no documentation (yet).
Niek
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Il giorno 21/apr/04, alle 09:55, Trog ha scritto:
On Wed, 2004-04-21 at 08:39, Riccardo Ghiglianovich wrote:
#clamscan --version
clamscan / ClamAV version 0.70-rc
(upgrade to 0.70)
the same file I uploaded to test-clamav manually scanned:
Looks like
Just to inform..
The update to 0.70 (from 0.70rc1) went perfect.
System used is Red Hat Linux 9 and CommuniGate Pro as mailserver. cgpav
1.3 as interface between the 2..
Cheers..
Kristof
---
This SF.Net email is sponsored by: IBM Linux Tutori
* Dilip M <[EMAIL PROTECTED]> [20040421 14:32]: wrote:
> On Wed, 21 Apr 2004 11:02:02 +0200, KriÅtof Petr <[EMAIL PROTECTED]>
> wrote:
>
> >Jim Maul wrote:
> >
> >>I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
> >>http://crash.fc
* Ricardo Bernardes <[EMAIL PROTECTED]> [20040421 14:36]: wrote:
> hi
>
> is it possible to stop ClamAV from scanning .zip files?
>
> (RedHat 8; Sendmail; Mailscanner)
Tell whatever app that calls clamav to exempt .zip files. That's it.
I am new to Fedora and so new to clamav. Can someone provide me with
the easiest way to download, install, and run clamav? I am interested
in protecting inbound ftp file transfers and periodically scanning my
fedora system. I am not running samba nor NFS. Is there a way to
download and install
I am new to Fedora and so new to clamav. Can someone provide me with
the easiest way to download, install, and run clamav? I am interested
in protecting inbound ftp file transfers and periodically scanning my
fedora system. I am not running samba nor NFS. Is there a way to
download and install
It seems like I had the same problem, some Sober.F messages weren't
caught. I submitted one as a new virus and one of the members of the
virus db team told me he caught the virus. He used .70-rc1 and I use
.70.
After some debuging, going through the sources and talking to one of
the developers it
> How did you know the viruses are going through?
> Do you have viruses in your INBOX?
Next antivirus (Trend InterScan VirusWall) detects them.
> If yes, look at mail headers for
> X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j
I was able to see this header. I saw also
On 21 Apr 2004 at 9:49, Trog wrote:
> On Wed, 2004-04-21 at 09:37, Andrea Trasatti wrote:
>
> >
> > As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
> > than once and I only have one main.cvd and one daily.cvd. How do I get the
> > database
> > location of
On Wed, 2004-04-21 at 10:51, Riccardo Ghiglianovich wrote:
> wow, I havw the exact opposite : clamscan does NOT detect, and
> clamdscad does it
>
> # clamscan 5279D9E6.39B
> 5279D9E6.39B: OK
>
> - --- SCAN SUMMARY ---
> Known viruses: 21162
> Scanned directories: 0
> Scanned file
hi
is it possible to stop ClamAV from scanning .zip files?
(RedHat 8; Sendmail; Mailscanner)
thank you
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo tec
On Wed, 2004-04-21 at 10:58, Dilip M wrote:
> On Wed, 21 Apr 2004 11:02:02 +0200, Krištof Petr <[EMAIL PROTECTED]>
> wrote:
>
> > Jim Maul wrote:
> >
> >> I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
> >> http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
> >>
> >> Since i am running qmai
Vital wrote:
Clamd + clamav-milter work fine BUT:
in syslog sometime
clamav-milter[953]: write failure to clamd
sendmail[18248]: i2SEqA0C018248: Milter: data, reject=451 4.7.1 Please try again later
I have to run daemon with option -dont-scan-on-error. Is it normal?
P.S. To my s
On Wed, 2004-04-21 at 10:25, Vital wrote:
> >> Clamd + clamav-milter work fine BUT:
> >> in syslog sometime
> >> >clamav-milter[953]: write failure to clamd
> >> >sendmail[18248]: i2SEqA0C018248: Milter: data, reject=451 4.7.1 Please try again
> >> >later
> >> I have to run daemon with option -d
On Wed, 2004-04-21 at 10:26, Andrea Trasatti wrote:
> Thanks, I added/uncommented the SelfCheck. How should I configure The
> NotifyClam? This is what I have in my conf file:
> #NotifyClamd [/optional/config/file/path]
>
> Should I specify the clamav.conf path?
>
you shouldn't need to specify t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Il giorno 21/apr/04, alle 10:37, Andrea Trasatti ha scritto:
Hello all,
I have posted a few messages about clamd not detecting some SomeFool
variants when scanning mail, but clamscan was detecting them.
wow, I havw the exact opposite : clamscan
On Wed, 21 Apr 2004 11:02:02 +0200, Kri¨tof Petr <[EMAIL PROTECTED]>
wrote:
Jim Maul wrote:
I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
Since i am running qmail with qmail-scanner, i run clamav as user
qscand and
have to change /var/ru
Andrea Trasatti wrote:
Hello all,
I have posted a few messages about clamd not detecting some SomeFool
variants when scanning mail, but clamscan was detecting them.
While reading some man pages and the conf files, I found another binary called
clamdscan. I ran it and this is what turned out:
d
On 21 Apr 2004 at 9:49, Trog wrote:
> On Wed, 2004-04-21 at 09:37, Andrea Trasatti wrote:
>
> >
> > As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
> > than once and I only have one main.cvd and one daily.cvd. How do I get the
> > database
> > location of
Mimmus wrote:
I currently use Sendmail+ClamAV+Sendmail Milter.
I just upgraded to 0.70-1 from 0.70-rc1, using RPM packages, but many
viruses are going through.
How did you know the viruses are going through?
Do you have viruses in your INBOX?
If yes, look at mail headers for
X-Virus-Scanned: clam
>> Clamd + clamav-milter work fine BUT:
>> in syslog sometime
>> >clamav-milter[953]: write failure to clamd
>> >sendmail[18248]: i2SEqA0C018248: Milter: data, reject=451 4.7.1 Please try again
>> >later
>> I have to run daemon with option -dont-scan-on-error. Is it normal?
>>
>> P.S. To my sup
Jim Maul wrote:
I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
Since i am running qmail with qmail-scanner, i run clamav as user qscand and
have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be
owned by qscand. While upg
Andrea Trasatti wrote the following on 04/21/2004 10:37 AM :
[...]
As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
than once and I only have one main.cvd and one daily.cvd. How do I get the database
location of clamdscan? Where should I change it?
Do you us
On Wed, 2004-04-21 at 09:37, Andrea Trasatti wrote:
>
> As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
> than once and I only have one main.cvd and one daily.cvd. How do I get the database
> location of clamdscan? Where should I change it?
clamdscan sends th
Hello all,
I have posted a few messages about clamd not detecting some SomeFool
variants when scanning mail, but clamscan was detecting them.
While reading some man pages and the conf files, I found another binary called
clamdscan. I ran it and this is what turned out:
defender2 root #
Nothing to do: after upgrading to 0.70-1 from 0.70-rc1, many viruses are
unrecognized.
It is not a problem of signatures because some viruses of same type are
blocked and some not (for istance: Worm.SomeFool.X).
I used RPMs from http://crash.fce.vutbr.cz/crash-hat/1/clamav/
Is there some basic sett
The clamav dosen't work at the time 19:44-19:45 , on this time I received 5
virus email. why?
You're using milter? If so then you might have configured sendmail to let
through if milter is unavailable.
B.
---
This SF.Net email is sponso
try google
qmail-scanner
- Original Message -
From: "Bora" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 3:44 AM
Subject: RE: [Clamav-users] Clamav and microsoft exchange.
> Peter, I know that mailscanner has documentation for everything except
with
> qma
On Wed, 2004-04-21 at 08:39, Riccardo Ghiglianovich wrote:
> #clamscan --version
> clamscan / ClamAV version 0.70-rc
(upgrade to 0.70)
>
> the same file I uploaded to test-clamav manually scanned:
>
Looks like you didn't specify --mbox
-trog
signature.asc
Description: This is a digitally
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ADDENDUM:
this is an update to my previous mesg
I noticed that just once clamav doesnt recognize the Worm.SomeFool.Q
In fact into my virusalert mailbox I have lots of
"A virus (Worm.SomeFool.Q) was found." instances;
Well, this is more and more strang
On Tue, 20 Apr 2004 12:00:54 -0400, Bit Fuzzy <[EMAIL PROTECTED]> wrote:
> It appears ClamAV doesn't detect WORM_SWEN.A
>
Yes it does. ClamAV actually detects 9 variants of Gibe virus.
And for me Soemfool is usually blocked by extention, so for my clamav
Gibe is actually most popular virus.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
AVPersonal has detected Worm.SomeFool.Q into a mail; clamav does not ;
so I saved the mail and used on line test-clamav
http://www.gietl.com/test-clamav/read.php :
=
File is valid, and was successfully uploaded.
clamav scans t
76 matches
Mail list logo