Re: [Clamav-users] clamav-milter killed by Worm.Lovgate.Z

2004-05-05 Thread Alex V. Kovirshin
Hmm, I dunno, I got this X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j on a production relay, it's linux suse, but kernel taken from kernel.org (2.4.26) and sendmail compiled from source (8.12.11). All work well. Oops, I forgot, I have clamd (and spamd spamassassin) on

Re: [Clamav-users] Re: clamav-milter doesn't see virus on emails? (help!)

2004-05-05 Thread Nigel Horne
On Tuesday 04 May 2004 10:25 pm, Matias Lopez Bergero wrote: I think that I have found the problem. When I regenerate the sendmail.cf the file lacks the filter options. I am doing this with the following command: m4 sendmail.mc sendmail.cf On RedHat machines and derivatives (is that what

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-05 Thread Tomasz Kojm
On Tue, 04 May 2004 18:05:19 -0400 Chris Conn [EMAIL PROTECTED] wrote: Hello, I am running clamav-0.70 with mailscanner (rebuilt the Fedora RPMs on RHEL3), and I have had for the first time something I have not had in a very long time; Segmentation fault, :-( Bye.. I searched the logs,

[Clamav-users] freshclam daily.cvd problem

2004-05-05 Thread Paul Bruce
Is anyone having problems with freshclam verifying the daily.cvd file ? I have no problem with the main.cvd, but the daily.cvd continually gives me ... Downloading daily.cvd [*] ERROR: Verification: Broken or not a CVD file. Trying again... I've tried continuously and it just don't seem to want

[Clamav-users] bin files - daily.cvd

2004-05-05 Thread Paul Bruce
To attempt to bring clamav's virus database up to date I tried to load the bin files located at http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb A typical file at this location looks like 329-001.bin Now, how the $%$^# do you load these things ? - I can hear some of you laughing

Re: [Clamav-users] bin files - daily.cvd

2004-05-05 Thread Fajar A. Nugraha
Paul Bruce wrote: To attempt to bring clamav's virus database up to date I tried to load the bin files located at http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb ??? This is just an archive of clamav-virusdb list. A typical file at this location looks like 329-001.bin ???

Re: [Clamav-users] no bounce notice

2004-05-05 Thread M.W. Chang
How could I stop clamav-milter from responding with a bounce notice while still rejecting infected messages from the incoming queue? Don't use the -b (--bounce) option when starting the program. I noticed that removing the -b option will let the infected messages in. Are you sure about that?

Re: [Clamav-users] no bounce notice

2004-05-05 Thread M.W. Chang
How could I stop clamav-milter from responding with a bounce notice while still rejecting infected messages from the incoming queue? The recipient of the infected message should still receive a notification from clamav. man clamav-milter -P (upper case) should solve your problem. if not then -N

[Clamav-users] Mail confusion / savemail panics

2004-05-05 Thread Søren Schimkat
Hi again guys I've just upgraded from ver. 0.60 to 0.70 and I'm totally confused. :-( When an infected mail is found .. a lot of mails are being sent.. and some are sent to empty addresses resulting in savemail panics. The infected mail is quarantined 3 times. As far as I can see mails I send to

Re: [Clamav-users] clamav-milter doesn't see virus on emails? (help!)

2004-05-05 Thread M.W. Chang
Note that clamav-milter is listening on the socket /var/run/clmilter.sock, but you told sendmail to connect to it over the socket at local:/var/run/clamav.sock. That will never work. no. that's the correct setup. here is my relevant part of config.mc:

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-05 Thread Chris Conn
Tomasz Kojm wrote: Tue May 4 16:08:13 2004 - Segmentation fault :-( Bye.. and at precisely 16:08:13, MailScanner reports the following virus: May 4 16:08:13 MailScanner[16448]: /var/spool/MailScanner/incoming/16448/.i44K7gOj020343/%nTips.exe: Worm.Klez.H FOUND Is it possible that a %n in

[Clamav-users] clamav and amavisd-new woe

2004-05-05 Thread Lionel Bouton
Hi, I just discovered something odd with our amavisd-new / clamav installation : note: our amavisd-new is dated from 2002/12/27. The problem might have been solved since then. When this version receives an encrypted zip files with $bypass_decode_parts = 0; (the default value in the conf file)

[Clamav-users] Temp file issues

2004-05-05 Thread Matthew Myers
Is there a way to auto delete the temp files created when scanning? My system (v 0.70) hung yesterday due to the temp files not being deleted...they tend to grow and grow and grow. Today I already have over 10,000 temp files, and although it may take a month or so, this will eventually become

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-05 Thread Trog
On Wed, 2004-05-05 at 14:32, Chris Conn wrote: Tomasz Kojm wrote: Tue May 4 16:08:13 2004 - Segmentation fault :-( Bye.. and at precisely 16:08:13, MailScanner reports the following virus: May 4 16:08:13 MailScanner[16448]:

Re: [Clamav-users] Temp file issues

2004-05-05 Thread Trog
On Wed, 2004-05-05 at 15:00, Matthew Myers wrote: Is there a way to auto delete the temp files created when scanning? My system (v 0.70) hung yesterday due to the temp files not being deleted...they tend to grow and grow and grow. Today I already have over 10,000 temp files, and although it

Re: [Clamav-users] clamav and amavisd-new woe

2004-05-05 Thread Bill Randle
On Wed, 2004-05-05 at 06:55, Lionel Bouton wrote: Hi, I just discovered something odd with our amavisd-new / clamav installation : note: our amavisd-new is dated from 2002/12/27. The problem might have been solved since then. It has. When this version receives an encrypted zip files with

[Clamav-users] Worm/virus not recognized locally

2004-05-05 Thread Flynn
Hi everyone ... I have a file, which I suppose is infected with W32/[EMAIL PROTECTED], if I trust some other AV. If I submit it to the clam on-line scan server, it finds it as "Worm.SomeFool.Gen-1" but... clamscan does not find it. Inside the file there is some .scr attachment, I used the

Re: [Clamav-users] Temp file issues

2004-05-05 Thread Antony Stone
On Wednesday 05 May 2004 3:00 pm, Matthew Myers wrote: Is there a way to auto delete the temp files created when scanning? My system (v 0.70) hung yesterday due to the temp files not being deleted...they tend to grow and grow and grow. Today I already have over 10,000 temp files, and

Re: [Clamav-users] Temp file issues

2004-05-05 Thread Nigel Horne
On Wednesday 05 May 2004 3:00 pm, Matthew Myers wrote: Is there a way to auto delete the temp files created when scanning? My system (v 0.70) hung yesterday due to the temp files not being deleted...they tend to grow and grow and grow. Today I already have over 10,000 temp files, and

Re: [Clamav-users] Worm/virus not recognized locally

2004-05-05 Thread Antony Stone
On Wednesday 05 May 2004 3:09 pm, Flynn wrote: Hi everyone ... I have a file, which I suppose is infected with W32/[EMAIL PROTECTED], if I trust some other AV. If I submit it to the clam on-line scan server, it finds it as Worm.SomeFool.Gen-1 but... clamscan does not find it. Inside the

Re: [Clamav-users] Temp file issues

2004-05-05 Thread Alex V. Kovirshin
First - hack milter ... Second - cron job rm -f /path/to/quarantine On Wed, May 05, 2004 at 09:00:42AM -0500, Matthew Myers wrote: Is there a way to auto delete the temp files created when scanning? My system (v 0.70) hung yesterday due to the temp files not being deleted...they tend to grow

Re: [Clamav-users] segmentation fault in 0.70

2004-05-05 Thread Chris Conn
No, it isn't obviously the scan that caused the segmentation fault. That's a wholly unfounded assumption on your part. This server processes between 30 and 100 thousand emails per day, calling clamdscan on every one. It will find 2 to 5 hundred Klez viruses per day. In your expert opinion,

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-05 Thread Tomasz Kojm
On Wed, 05 May 2004 09:32:48 -0400 Chris Conn [EMAIL PROTECTED] wrote: Hello, This server processes between 30 and 100 thousand emails per day, calling clamdscan on every one. It will find 2 to 5 hundred Klez viruses per day. In your expert opinion, what would be the reason for this

Re: [Clamav-users] Temp file issues

2004-05-05 Thread Bart Silverstrim
On May 5, 2004, at 10:00 AM, Matthew Myers wrote: Is there a way to auto delete the temp files created when scanning?  My system (v 0.70) hung yesterday due to the temp files not being deleted...they tend to grow and grow and grow.  Today I already have over 10,000 temp files, and although it

Re: [Clamav-users] Temp file issues

2004-05-05 Thread Odhiambo Washington
* Matthew Myers [EMAIL PROTECTED] [20040505 17:43]: wrote: Is there a way to auto delete the temp files created when scanning? My system (v 0.70) hung yesterday due to the temp files not being deleted...they tend to grow and grow and grow. Today I already have over 10,000 temp files

[Clamav-users] Re: Worm/virus not recognized locally

2004-05-05 Thread Flynn
Ok... it's a message that contains a message that contains a .pif file The first message is not recognized (as I said) The extracted message is not recognized as a virus The extracted virused .pif file *is* recognized notice that it's a .pif file, and not a .scr, my mistake, the .scr was in

[Clamav-users] Sasser Worm Virus not shown with sigtool

2004-05-05 Thread Lynn Duerksen
Freshclam reports: RELAY:root[sbin] freshclam ClamAV update process started at Wed May 5 10:07:25 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm) Reading CVD header (daily.cvd): OK daily.cvd is up to date (version: 303, sigs:

[Clamav-users] Re: Worm/virus not recognized locally

2004-05-05 Thread Flynn
(following my previous answer) : Now this is interesting : If I submit the internal message to the on-line scanner, it doesn't find any virus in it. so to resume : We have a Message A containing a message B containing a virus V (I hope the following array stays readable) detection?

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-05 Thread Chris Conn
Tomasz Kojm wrote: On Wed, 05 May 2004 09:32:48 -0400 Chris Conn [EMAIL PROTECTED] wrote: Hello, This server processes between 30 and 100 thousand emails per day, calling clamdscan on every one. It will find 2 to 5 hundred Klez viruses per day. In your expert opinion, what would be the

RE: [Clamav-users] Temp file issues

2004-05-05 Thread Matthew Myers
Reconfiguring without --enable-debug appears to have corrected the issue. Thanks to all who replied!! Matthew

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-05 Thread Tomasz Kojm
On Wed, 05 May 2004 09:32:48 -0400 Chris Conn [EMAIL PROTECTED] wrote: This server processes between 30 and 100 thousand emails per day, calling clamdscan on every one. It will find 2 to 5 hundred Klez viruses per day. In your expert opinion, what would be the reason for this

Re: [Clamav-users] Temp file issues

2004-05-05 Thread Jakub Jankowski
On 2004-05-05, Alex V. Kovirshin wrote: First - hack milter ... Second - cron job rm -f /path/to/quarantine Zero - read docs. s. -- Jakub Jankowski

[Clamav-users] Re: Fw: Re: clamav-milter doesn't see virus on emails? (help!)

2004-05-05 Thread Matias Lopez Bergero
Hi Roberto, Thanks!! I can see the changes in sendmail.cf now! But a new problem has occurred :P I have added to sendmail.mc: define(_FFR_MILTER)dnl INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clmilter.sock, F=,T=S:4m;R:4m')dnl define(`confINPUT_MAIL_FILTERS', `clamav')dn I use

[Clamav-users] Re: clamav-milter doesn't see virus on emails? (help!)

2004-05-05 Thread Matias Lopez Bergero
Oops! :P You're right! Thanks a lot Stephen, I am going to change that. Regards! Matías. Stephen Gran wrote: On Tue, May 04, 2004 at 05:06:49PM -0300, Matias Lopez Bergero said: Hello list! After reading a little bit in google and in the list itself, I have successfully installed the clamav antivirus

[Clamav-users] Re: clamav-milter doesn't see virus on emails? (help!)

2004-05-05 Thread Matias Lopez Bergero
Nigel Horne wrote: On Tuesday 04 May 2004 10:25 pm, Matias Lopez Bergero wrote: I think that I have found the problem. When I regenerate the sendmail.cf the file lacks the filter options. I am doing this with the following command: m4 sendmail.mc sendmail.cf On RedHat machines and derivatives

RE: [Clamav-users] Sasser Worm Virus not shown with sigtool

2004-05-05 Thread Lynn Duerksen
|Subject: [Clamav-users] Sasser Worm Virus not shown with sigtool | |Freshclam reports: | |RELAY:root[sbin] freshclam |ClamAV update process started at Wed May 5 10:07:25 2004 |Reading CVD header (main.cvd): OK main.cvd is up to date |(version: 22, sigs: 20229, f-level: 1, builder: |tkojm)

[Clamav-users] Re: Fw: Re: clamav-milter doesn't see virus on emails? (help!)

2004-05-05 Thread Matias Lopez Bergero
Fixed!! The space after the clmilter.sock was wrong. I wrote the whole sentence on one line and regenerated the cf file and it's working!! :D Is there a tool to generate reports on clamav-milter activity like viruses blocked, type of virus found, etc?? Thanks a lot for the help!! Best regards!

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-05 Thread Chris Conn
this segmentation fault that occurred at the exact second it scanned this Klez virus? As a temporary work-around please disable the LogSyslog directive. The format string problem is connected with the vsyslog() call in shared/output.c and currently I have no (good) idea how to fix it. Hello,

[Clamav-users] Re: clamd still hangs with 0.70

2004-05-05 Thread Jesse Guardiani
Jason Haar wrote: On Tue, Apr 20, 2004 at 01:11:40PM -0400, Mike Cathey wrote: ...lsof the pid and see what files it has open...then copy the files to somewhere else and fire them off to the developers. :) Nope - that won't help. I just did that - twice within 10 minutes on my (currently)

[Clamav-users] Getting functionality level = 1, required = 2 with 0.70

2004-05-05 Thread Michael St. Laurent
I have clamav-0.70 (the release version) installed but I'm seeing Current functionality level = 1, required = 2 in the log file. -- Michael St. Laurent Hartwell Corporation

RE: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-05 Thread Raul Elizondo
Run m4? make -C /etc/mail should compile the .m4 file into the .cf result. -- Steve sorry, but that does not make sense, at least with RH7.3 Make sure that sendmail-cf is installed. -- Regards...Todd [EMAIL PROTECTED] mail]# rpm -qa | grep sendmail

RE: [Clamav-users] Sasser Worm Virus not shown with sigtool

2004-05-05 Thread Colin A. Bartlett
Lynn Duerksen Sent: Wednesday, May 05, 2004 11:26 AM Freshclam reports: RELAY:root[sbin] freshclam ClamAV update process started at Wed May 5 10:07:25 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm) Reading CVD header

Re: [Clamav-users] Mail confusion / savemail panics

2004-05-05 Thread Søren Schimkat
Hi again I just don't get it. Something is rotten in the state of Denmark. :-) When using the same config file as shown below .. and starting clamav-milter with these options: --force-scan --config-file=/opt/clamav-0.70/etc/clamav.conf --quarantine-dir =/var/quarantine

RE: [Clamav-users] Getting functionality level = 1, required = 2 with 0.70

2004-05-05 Thread Rob MacGregor
From: Michael St. Laurent [EMAIL PROTECTED] I have clamav-0.70 (the release version) installed but I'm seeing Current functionality level = 1, required = 2 in the log file. That suggests that you've got multiple versions installed and you're (still) starting the old version. As has been

Re: [Clamav-users] Sasser Worm Virus not shown with sigtool

2004-05-05 Thread Joe Maimon
Colin A. Bartlett wrote: Lynn Duerksen Sent: Wednesday, May 05, 2004 11:26 AM Freshclam reports: RELAY:root[sbin] freshclam ClamAV update process started at Wed May 5 10:07:25 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:

Re: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-05 Thread Joe Maimon
Raul Elizondo wrote: Run m4? make -C /etc/mail should compile the .m4 file into the .cf result. -- Steve sorry, but that does not make sense, at least with RH7.3 Make sure that sendmail-cf is installed. -- Regards... Todd [EMAIL PROTECTED] mail]# rpm -qa | grep sendmail

[Clamav-users] FW: Getting functionality level = 1, required = 2 with 0.70

2004-05-05 Thread Michael St. Laurent
Michael St. Laurent wrote: I have clamav-0.70 (the release version) installed but I'm seeing Current functionality level = 1, required = 2 in the log file. sheepish-grin Nevermind, I found the problem. -- Michael St. Laurent Hartwell Corporation

[Clamav-users] more daemontools logging problems

2004-05-05 Thread Eric Becker
I'm running SuSE 8.0 Server with clamav 0.70. I've set up clamav to run under daemontools following the instructions here http://www.clamav.net/doc/0.70/clamd_supervised/clamd-daemontools-guide.txt. My clamd/log/run file is: #!/bin/sh exec /usr/local/bin/setuidgid qscand

RE: [Clamav-users] Sasser Worm Virus not shown with sigtool

2004-05-05 Thread Eric Wieling
It would be nice if clamscan, clamd, freshclam, sigtool, etc printed out the full path of the database files they are using (maybe only if -v is specified?). That would help people track down what's happening. --Eric -- Eric Wieling * BTEL Consulting * 504-899-1387 x2111 In a related

RE: [Clamav-users] freshclam without 'net access?

2004-05-05 Thread Steve Brorens
Thanks Daniel, That looks *exactly* like what I need - and a good excuse to learn to use rsync! - steve -Original Message- From: Daniel J McDonald [mailto:[EMAIL PROTECTED] Sent: Tuesday, 4 May 2004 10:42 a.m. To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] freshclam without 'net

[Clamav-users] Re: Fw: Re: clamav-milter doesn't see virus on emails? (help!)

2004-05-05 Thread Matias Lopez Bergero
Nigel Horne wrote: On Wednesday 05 May 2004 6:27 pm, Matias Lopez Bergero wrote: There is a tool to generate reports on clamav-milter activity like viruses blocked, type of virus found, etc?? Yes. Look at some sample output at http://cgi.bandsman.co.uk/cgi-bin/virus/display.pl. You'll find the

[Clamav-users] Re: clamd still hangs with 0.70

2004-05-05 Thread Jason Haar
On Wed, May 05, 2004 at 02:15:29PM -0400, Jesse Guardiani wrote: past 0.70-rc a month or two ago. 0.70 (upgraded just yesterday) does the same thing. I'm running FreeBSD 4.8-RELEASE + daemontools. I don't see the seg fault, but my clamd is hanging every 5 or 10 minutes and I'm forced to use

RE: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-05 Thread Raul Elizondo
This won't do. Get a newer sendmail or compile one yourself from www.sendmail.org Usually if you do the latter it is a drop-in replacement. I didn't get it, you mean this version of sendmail won't work? It is working right now with the changes I did in my last email, it is detecting/blocking

Re: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-05 Thread Joe Maimon
Raul Elizondo wrote: This won't do. Get a newer sendmail or compile one yourself from www.sendmail.org Usually if you do the latter it is a drop-in replacement. I didn't get it, you mean this version of sendmail won't work? It is working right now with the changes I did in my last email, it

[Clamav-users] Easiest/best sendmail integration

2004-05-05 Thread Kalin Wilson
Hello, I am installing Clamav 0.70 on a webhost virtual private server configuration running Redhat V??. First glance indicates that the installed Sendmail does not have Milter support installed (libmilter not found by configure). I'm working my way through the documentation and third party