I'm running clamav-milter 0.87 from ClamAV 0.87.1 with sendmail 8.13.5, with
a database that is fully up-to-date (main.cvd version 34, daily.cvd version
1182), but for some reason this setup is not catching Worm.Sober.U, and
we're getting slammed pretty hard with it. I've tried submitting the
Pete 'Wolfy' Hanson wrote:
Running clamscan --detect-broken finds the message, and generates no errors,
but clamav-milter does not find the message when it comes in. clamd.logshows:
Nov 21 14:08:18 paz clamav-milter[26450]: [ID 788897 local7.notice]
jALM6n0R027652: clean message from [EMAIL
On 11/21/05, Kelson [EMAIL PROTECTED] wrote:
We've been detecting Worm.Sober.U here for a little over 2 hours (with
daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe
for some reason clamd didn't load the updated database? Try restarting
clamd and/or clamav-mitler (I've
Pete 'Wolfy' Hanson wrote:
On 11/21/05, Kelson [EMAIL PROTECTED] wrote:
We've been detecting Worm.Sober.U here for a little over 2 hours (with
daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe
for some reason clamd didn't load the updated database? Try restarting
clamd
Pete wrote:
On 11/21/05, Kelson [EMAIL PROTECTED] wrote:
We've been detecting Worm.Sober.U here for a little over 2 hours
(with daily.cvd 1182). If clamscan finds it, but clamav-milter
doesn't, maybe for some reason clamd didn't load the updated
database? Try restarting clamd and/or
On 11/21/05, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
What are your clamd and clamav-milter options?
/usr/local/sbin/clamav-milter --headers --pidfile=/var/clamav/clamav-
milter.pid --quiet /var/clamav/clamav-milter.sock
No clamd since we aren't running with --external.
which has worked
Pete 'Wolfy' Hanson wrote:
On 11/21/05, Kelson [EMAIL PROTECTED] wrote:
We've been detecting Worm.Sober.U here for a little over 2 hours (with
daily.cvd 1182). If clamscan finds it, but clamav-milter doesn't, maybe
for some reason clamd didn't load the updated database? Try restarting
On Mon, 21 Nov 2005 14:04:43 -0900
Pete 'Wolfy' Hanson [EMAIL PROTECTED] wrote:
On 11/21/05, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
What are your clamd and clamav-milter options?
/usr/local/sbin/clamav-milter --headers --pidfile=/var/clamav/clamav-
milter.pid --quiet
On 11/21/05, Tomasz Kojm [EMAIL PROTECTED] wrote:
Please post your clamd.conf file.
LogFileMaxSize 0
LogTime
LogClean
LogSyslog
LogFacility LOG_LOCAL7
PidFile /var/clamav/clamd.pid
TemporaryDirectory /tmp
FixStaleSocket
TCPSocket 3310
TCPAddr 127.0.0.1 http://127.0.0.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pete 'Wolfy' Hanson wrote:
[snip]
Running clamscan --detect-broken finds the message, and generates no errors,
but clamav-milter does not find the message when it comes in. clamd.logshows:
The key is that clamscan --detect-broken is not the default
On Mon, 21 Nov 2005 14:10:07 -0900
Pete 'Wolfy' Hanson [EMAIL PROTECTED] wrote:
MaxDirectoryRecursion 1
You should be more careful when changing the config options. With the
current MaxDirectoryRecursion setting in your setup clamd/clamav-milter
will fail to detect a lot of malware.
--
oo
On Mon, 21 Nov 2005 17:11:25 -0600
René Berber [EMAIL PROTECTED] wrote:
Fix it by editing /etc/clamd.conf, make sure that the following are set:
DisableDefaultScanOptions
Oh, no. Please do not enable this directive.
--
oo. Tomasz Kojm [EMAIL PROTECTED]
(\/)\.
Pete 'Wolfy' Hanson wrote:
On 11/21/05, Kelson [EMAIL PROTECTED] wrote:
We've been detecting Worm.Sober.U here for a little over
2 hours (with daily.cvd 1182). If clamscan finds it, but
clamav-milter doesn't, maybe for some reason clamd didn't
load the updated database? Try restarting clamd
DisableDefaultScanOptions
DetectBrokenExecutables
No change in behavior with those opts
--
Pete Hanson
http://www.well.com/user/wolfy
http://www.fotolog.net/wolfy
___
http://lurker.clamav.net/list/clamav-users.html
On 11/21/05, Tomasz Kojm [EMAIL PROTECTED] wrote:
MaxDirectoryRecursion 1
You should be more careful when changing the config options. With the
current MaxDirectoryRecursion setting in your setup clamd/clamav-milter
will fail to detect a lot of malware.
Maybe, but it doesn't seem to have
I'm seeing the same thing here. My uvscan sees sober but
since I restarted the server this morning at 10am there have
been zero detections of anything from clamd at all. Only
seven detections from uvscan over the same time period.
FWIW, we're detecting other viruses and worms - but
I'm seeing the same thing here. My uvscan sees sober but
since I restarted the server this morning at 10am there
have been zero detections of anything from clamd at all.
Only seven detections from uvscan over the same time
period.
FWIW, we're detecting other viruses and worms - but
Kevin W. Gagel wrote:
Pete 'Wolfy' Hanson wrote:
On 11/21/05, Kelson [EMAIL PROTECTED] wrote:
We've been detecting Worm.Sober.U here for a little over
2 hours (with daily.cvd 1182). If clamscan finds it, but
clamav-milter doesn't, maybe for some reason clamd didn't
load the updated database?
On Mon, 21 Nov 2005 14:39:58 -0900
Pete 'Wolfy' Hanson [EMAIL PROTECTED] wrote:
On 11/21/05, Tomasz Kojm [EMAIL PROTECTED] wrote:
MaxDirectoryRecursion 1
You should be more careful when changing the config options. With the
current MaxDirectoryRecursion setting in your setup
19 matches
Mail list logo
